Malicious PDF — malware analysis report

Static analysis result for SHA-256 b42b58afe60c9b92…

Verdict: MALICIOUS
File type: PDF
Size: 3.2 KB
MD5: 3fe96d37e4480282b89fad18348e0cb9
SHA-1: f394e8d6e44987d90b1d8d6869fd948d85e3ce09
SHA-256: b42b58afe60c9b923f04c59df26c04bc3fd276784c545f4a09af3386e5842c9a
Risk score: 76

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File Execution: Malicious JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as 'Pdf.Exploit.Agent-36121' confirms its malicious nature. The embedded JavaScript is likely responsible for executing the exploit, leading to the malicious verdict. No document body text was available for further analysis of the lure.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
Hash: c4b83e1260c940f39d14b3fce8f9f9ddca8ad713be7ac80bfb6a735606c32bca
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0x9C4
Size: 422 bytes