Malicious PDF — malware analysis report

Static analysis result for SHA-256 957dc3b6b8de65af…

Verdict: MALICIOUS
File type: PDF
Size: 6.6 KB
Authoring application: Tisilarehaue (via 68be7Tibedegabala)
MD5: ad21164a9a41fc6ae11010902631781c
SHA-1: 54c4ae37f42a949578ecf888e2fab7c82b96c888
SHA-256: 957dc3b6b8de65afc8e681c24507bdfc67dad149ac4c3f7fdbf3afc047bee7f6
Risk score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The malicious verdict rests primarily on the critical-severity ClamAV signature match, 'Pdf.Exploit.Agent-36142'. Two low-severity heuristics corroborate it: the document declares a /JavaScript action and references an embedded /JS stream, the usual delivery mechanism for PDF reader exploits. The document body is heavily obfuscated and unreadable, and the authoring-application strings are random-looking tokens rather than a recognisable producer. No dangerous JavaScript API was scored by name, so the exact function of the embedded script (including whether it launches PowerShell, as the ATT&CK mapping suggests) cannot be determined from the evidence here; the combination of a signature hit with embedded, obfuscated JavaScript is nonetheless consistent with an exploit attempt rather than a benign form.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36142 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36142.
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0010_000.js
SHA-256: d4dce4f95f7146e3b127d68edf45ceb045483a205d9e9a2a53d6e6b80d83b663
Kind: pdf-javascript-stream
Source: PDF /JS object 10 at offset 0x1230
Size: 1728 bytes
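The two low-severity heuristics and the carved artifact above come from the same static pass: find the /JavaScript and /JS name tokens, follow the /JS reference to its object, carve that object's stream, undo FlateDecode, and hash the result. The following is an added, stand-alone example of that pass written for this page; it is not the analysis platform's code and was not run against the sample above. It constructs its own minimal PDF (an /OpenAction whose JavaScript action points at a FlateDecode'd /JS stream), and it also handles the other common form, an inline /JS (…) literal string, which the report's heuristics would flag in the same way. The heuristic labels PDF_JAVASCRIPT and PDF_JS mirror the report; everything else (function names, the sample script) is this example's own.

```python
"""Static triage of the JavaScript in a PDF: raises PDF_JAVASCRIPT / PDF_JS, carves the
stream or literal string each /JS entry points at, inflates FlateDecode, hashes the result.
Added example; the sample PDF is constructed below and is not the analysed file."""
import hashlib
import re
import zlib

DELIM = rb"(?![^\s/\[\]<>(){}%])"               # a PDF name ends at whitespace or a delimiter
NAME_JAVASCRIPT = re.compile(rb"/JavaScript" + DELIM)
NAME_JS = re.compile(rb"/JS" + DELIM)
JS_REF = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")  # /JS 10 0 R  -> indirect stream object
JS_LITERAL = re.compile(rb"/JS\s*\(")           # /JS (code)  -> inline literal string
# Direct /Length only; an indirect '/Length 5 0 R' falls back to scanning for endstream.
DIRECT_LENGTH = re.compile(rb"/Length\s+(\d+)(?!\d)(?!\s+\d+\s+R)")


def find_object(data: bytes, num: int):
    """Return (offset, body) of 'num gen obj' up to endobj, or None if absent."""
    m = re.search(rb"(?<![0-9])" + str(num).encode() + rb"\s+\d+\s+obj\b", data)
    if not m:
        return None
    end = data.find(b"endobj", m.end())
    return m.start(), data[m.end():end if end != -1 else len(data)]


def carve_stream(body: bytes):
    """Split an object body into (dictionary, raw stream bytes); None if it has no stream."""
    m = re.search(rb"\bstream\r?\n", body)       # \b keeps 'endstream' from matching
    if not m:
        return None
    dictionary, start = body[:m.start()], m.end()
    lm = DIRECT_LENGTH.search(dictionary)
    if lm:
        return dictionary, body[start:start + int(lm.group(1))]
    end = body.find(b"endstream", start)
    return dictionary, body[start:end if end != -1 else len(body)].rstrip(b"\r\n")


def read_literal(data: bytes, pos: int) -> bytes:
    """Decode a PDF literal string starting at data[pos] == '(' (balanced parentheses,
    backslash-escaped delimiters; other escapes are kept as the following raw byte)."""
    if data[pos:pos + 1] != b"(":
        raise ValueError("literal string must start with '('")
    depth, out, i = 0, bytearray(), pos
    while i < len(data):
        c = data[i]
        if c == 0x5C:                  # backslash: next byte is literal, never a delimiter
            out.extend(data[i + 1:i + 2])
            i += 1
        elif c == 0x28:                # '(' opens a nested level
            depth += 1
            if depth > 1:
                out.append(c)
        elif c == 0x29 and depth == 1: # matching ')' closes the string
            return bytes(out)
        else:
            if c == 0x29:
                depth -= 1
            out.append(c)
        i += 1
    raise ValueError("unterminated literal string")


def describe(num, offset: int, js: bytes, decode: str) -> dict:
    return {"object": num, "offset": offset, "decode": decode, "size": len(js),
            "sha256": hashlib.sha256(js).hexdigest(), "js": js}


def triage(data: bytes) -> dict:
    """Heuristic labels mirror the report; artifacts are the carved scripts."""
    heuristics = []
    if NAME_JAVASCRIPT.search(data):
        heuristics.append("PDF_JAVASCRIPT")
    if NAME_JS.search(data):
        heuristics.append("PDF_JS")
    artifacts = []
    for m in JS_REF.finditer(data):
        found = find_object(data, int(m.group(1)))
        carved = carve_stream(found[1]) if found else None
        if carved is None:
            continue                   # dangling reference, or the target is not a stream
        dictionary, raw = carved
        js, decode = raw, "raw"
        if b"/FlateDecode" in dictionary:
            try:
                js, decode = zlib.decompress(raw), "FlateDecode"
            except zlib.error:
                decode = "FlateDecode (inflate failed, raw kept)"
        artifacts.append(describe(int(m.group(1)), found[0], js, decode))
    for m in JS_LITERAL.finditer(data):
        artifacts.append(describe(None, m.start(), read_literal(data, m.end() - 1), "literal"))
    return {"heuristics": heuristics, "artifacts": artifacts}


def build_sample_pdf(js: bytes) -> bytes:
    """Constructed minimal PDF: /OpenAction -> JavaScript action -> FlateDecode'd /JS stream.
    No xref table (readers repair it), which keeps the sample short."""
    comp = zlib.compress(js)
    return (b"%PDF-1.7\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
            b"3 0 obj\n<< /S /JavaScript /JS 10 0 R >>\nendobj\n"
            b"10 0 obj\n<< /Length " + str(len(comp)).encode() + b" /Filter /FlateDecode >>\n"
            + b"stream\n" + comp + b"\nendstream\nendobj\n"
            + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


SAMPLE_JS = b"app.alert('constructed sample, not the analysed payload');"  # constructed
SAMPLE_PDF = build_sample_pdf(SAMPLE_JS)

if __name__ == "__main__":
    for a in triage(SAMPLE_PDF)["artifacts"]:
        print(a["object"], hex(a["offset"]), a["decode"], a["size"], a["sha256"], a["js"])
```

Two caveats a real carver has to live with, both visible in the code: the /Length of a stream may be an indirect reference, in which case the example falls back to searching for endstream, and a literal /JS string needs real parenthesis and escape handling, since exploit authors lean on both to hide from naive regex scanners. Object streams (/ObjStm) and non-Flate filters are outside what this example covers.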