Malicious PDF — malware analysis report

Static analysis result for SHA-256 a51bf18a2ed63c05…

Verdict: MALICIOUS
File type: PDF
Size: 3.2 KB
MD5: c426913717857a2c8a52cc4c159e69c2
SHA-1: 0deec69a05f28b4cd4cc45a2e58a5ebcacd057dd
SHA-256: a51bf18a2ed63c05ad416f04252f4d67c56a614ff5e08ebfc6b7d80535e495b8
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF file contains embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. ClamAV detection as Pdf.Exploit.Agent-36121 further confirms its malicious nature. The embedded JavaScript is likely responsible for executing the exploit, leading to the malicious verdict. The document body is unreadable, so the rationale is based on the technical findings.

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
          8c35c45e3d377c667c96a071799d9e2e7fbddddb877b939dc50ba8118e720abf
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0x9C0
Size: 461 bytes