PDF malware analysis — malicious · ab8a1c3930c2da44

MALICIOUS

PDF

3.2 KB

MD5: 74cd5169203fc63e1d66440c4c29d733 SHA-1: a709100bb91c836d4a21db38ec5108783f256c6b SHA-256: ab8a1c3930c2da4468320e047d7dbc0bab4cca36abe6080ea037cf9b4543890b

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as 'Pdf.Exploit.Agent-36121' strongly suggests this is a malicious PDF exploiting a known vulnerability. The embedded JavaScript is the likely mechanism for delivering the exploit, although its specific function cannot be determined without further analysis. The lack of readable document body text means the rationale is based solely on the technical findings.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `cc3a18e50d370cdfa86767759fbce826bb64107fb3497768d17eb9f2f2034ce9`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9C6	497 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.