Malicious PDF — malware analysis report

Static analysis result for SHA-256 b6108918d0ac2984…

MALICIOUS

PDF

12.3 KB
MD5: 47d2ce648d9c2b0f05e9b8f139e84664
SHA-1: 26379ba569ea051f99646901d026876f0505b4fb
SHA-256: b6108918d0ac298412f6063d122f17ebebbb68c0b06d12a6ed9d7b4d1821c967
Risk Score: 76

Malware Insights

The PDF contains embedded JavaScript, indicated by multiple heuristic firings. ClamAV also detected the file as Win.Trojan.Agent-36281. The embedded JavaScript is likely intended to execute malicious code or download a secondary payload, a common technique for PDF-based malware delivery.

Heuristics (3)

  • ClamAV: Win.Trojan.Agent-36281 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Agent-36281
  • JavaScript action [low] (PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] (PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
javascript_obj0076_000.js (69dcd5cb74ca265fe24b20f88ce688a02ea622d4fb91bc802662650492f58445) | pdf-javascript-stream | PDF /JS object 76 at offset 0x369 | 11522 bytes