PDF malware analysis — malicious · 86ff82d52b519841

MALICIOUS

PDF

22.6 KB

MD5: 3fd5e2c77a1ec1bfb7fb423293feda55 SHA-1: c272e3be75ec23878e97227484de673e30c50782 SHA-256: 86ff82d52b519841b8ee137f5285ea7848f4e2f902e3d2bb1f2e2d882a1b2968

70 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT heuristic. ClamAV also detected the file as Pdf.Exploit.Agent-35606, suggesting it exploits a known PDF vulnerability. The embedded JavaScript is likely responsible for executing malicious code, potentially downloading a second-stage payload. No specific URLs or other IOCs were extracted from the document body or scripts.

Heuristics 4

ClamAV: Pdf.Exploit.Agent-35606 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-35606
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://ns.adobe.com/xap/1.0/
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/mm/

Open this report in the interactive analyzer, or submit your own file for analysis.