PDF malware analysis — malicious · 7dac1002573d3ba1

MALICIOUS

PDF

12.6 KB

MD5: 6043e24310fcaca2dbfd31b2b7c58f88 SHA-1: bf8fb04b8ba17530ca108d1270648f9fe4fc4766 SHA-256: 7dac1002573d3ba13f0c01541e7c3a855434898c7b9d79000efc2fa016d28846

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is identified as a malicious PDF by ClamAV, specifically Win.Trojan.Agent-36280. Static analysis revealed embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader. The JavaScript is likely designed to download and execute a secondary payload.

Heuristics 3

ClamAV: Win.Trojan.Agent-36280 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36280
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `0e69e979e6ab399f6d31bec23e21951d210079aba83aeb05f9a1e296daf95d63`	pdf-javascript-stream	PDF /JS object 76 at offset 0x383	11804 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.