PDF malware analysis — malicious · b65a2d0106697f67

MALICIOUS

PDF

8.0 KB

MD5: 7c3e081be3a1c69e77ff6d2448eb7aee SHA-1: 163c554fcc6547bdd2c48103888db8ebb5d47a23 SHA-256: b65a2d0106697f6735f325aa504b90ad6eb19f6b6d712fdd38e12f73172f08e4

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also detected this file as Pdf.Exploit.Agent-13401, suggesting it's a known exploit. The embedded JavaScript is likely used to download and execute a second-stage payload or exploit a vulnerability within the PDF reader.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-13401 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-13401
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.