Malicious PDF — malware analysis report

Static analysis result for SHA-256 85800a486336cc76…

MALICIOUS

PDF

12.6 KB
MD5: 91a84d41bed8964bd0e1e2bfa47f5773
SHA-1: 98cd022de21001395e761a04d8088673b59569ab
SHA-256: 85800a486336cc76298740216a7c7aa43f75ce304708619ba08d18e4e7480428
78 Risk Score

Malware Insights

The PDF file contains embedded JavaScript, as indicated by multiple heuristics. ClamAV also detected it as Pdf.Malware.Agent-9800931-0. The embedded JavaScript is likely intended to perform malicious actions, such as downloading and executing a secondary payload, but the specific actions are not detailed because of the lack of script content.

Heuristics 4

  • ClamAV: Pdf.Malware.Agent-9800931-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Malware.Agent-9800931-0
  • JavaScript action [low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed [info] PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js (6f0960da5d8bc8c08b3c34139a55db972239a005acbda456989308ccd0e2bb3b)
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x35A
Size: 11803 bytes