PDF malware analysis — malicious · 93106dead28e1399

MALICIOUS

PDF

3.2 KB

MD5: 44a62051c1dedb16417d421f3f5eb0a6 SHA-1: d01bdbb67d95082c38cb748ab0e05ce97b5e674c SHA-256: 93106dead28e139911cebbcdee510772f65fe48f0d1f4e5f142ecd5c67125773

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. ClamAV detection as 'Pdf.Exploit.Agent-36121' strongly suggests malicious intent. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to download and execute a secondary payload, although the exact script content is not detailed here. The confidence is moderate due to the lack of specific script analysis.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `c429debc7c36fe86ef03494e0fdd1b90224862e3e07c30ee92b5e79463836d5b`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9D5	484 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.