MALICIOUS
Risk Score: 132

Malware Insights

MITRE ATT&CK
- T1059.001 PowerShell
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious File

This PDF file is identified as malicious by ClamAV (Pdf.Exploit.Agent-19193). It contains embedded JavaScript, which is used to obscure the payload and likely exploit vulnerabilities in the PDF viewer. The presence of JBIG2 streams and the 'PDF_ENCRYPTED_WITH_JS' heuristic indicate a sophisticated attempt to hide malicious content. The document body is unreadable, suggesting it's a lure rather than containing user-facing text.

Heuristics 6
- ClamAV: Pdf.Exploit.Agent-19193 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Exploit.Agent-19193
- Encrypted PDF carries /js — payload hidden from static analysis (high, PDF_ENCRYPTED_WITH_JS): PDF declares /Encrypt and also references an executable trigger (/js). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
- JBIG2Decode filter (medium, PDF_JBIG2): JBIG2 image decoder present — historically used in zero-click exploits
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF paints image(s) but contains no text operators (info, PDF_IMAGE_ONLY_LURE): PDF has 2 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 32
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | ClamAV | Obfuscation or payload | Carved artifact entropy |
|---|---|---|---|---|---|---|
| jbig2_00_off00001453.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x1453 | 11660 bytes | No threats found | likely | 7.98 |
| jbig2_01_off00004a51.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x4A51 | 8385 bytes | No threats found | likely | 7.98 |
| jbig2_02_off000073dd.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x73DD | 7571 bytes | No threats found | likely | 7.98 |
| jbig2_03_off00009c9e.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x9C9E | 10441 bytes | No threats found | likely | 7.98 |
| jbig2_04_off0000cf36.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xCF36 | 8472 bytes | No threats found | likely | 7.98 |
| jbig2_05_off0000f9ca.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0xF9CA | 8713 bytes | No threats found | likely | 7.98 |
| jbig2_06_off000124ec.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x124EC | 8062 bytes | No threats found | likely | 7.98 |
| jbig2_07_off00014df0.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x14DF0 | 8206 bytes | No threats found | likely | 7.98 |
| jbig2_08_off000177ab.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x177AB | 8708 bytes | No threats found | likely | 7.98 |
| jbig2_09_off0001a1a5.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x1A1A5 | 8567 bytes | No threats found | likely | 7.98 |
| jbig2_10_off0001cc40.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x1CC40 | 8170 bytes | No threats found | likely | 7.98 |
| jbig2_11_off0001f83e.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x1F83E | 11075 bytes | No threats found | likely | 7.98 |
| jbig2_12_off00022cd8.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x22CD8 | 7935 bytes | No threats found | likely | 7.98 |
| jbig2_13_off00025578.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x25578 | 8889 bytes | No threats found | likely | 7.98 |
| jbig2_14_off00027f37.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x27F37 | 8325 bytes | No threats found | likely | 7.98 |
| jbig2_15_off0002aa98.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x2AA98 | 10007 bytes | No threats found | likely | 7.98 |
| jbig2_16_off0002daa5.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x2DAA5 | 8030 bytes | No threats found | likely | 7.98 |
| jbig2_17_off0003027a.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x3027A | 7998 bytes | No threats found | likely | 7.98 |
| jbig2_18_off00032c7a.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x32C7A | 8208 bytes | No threats found | likely | 7.98 |
| jbig2_19_off00035404.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x35404 | 7500 bytes | No threats found | likely | 7.98 |
| jbig2_20_off00037a18.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x37A18 | 8082 bytes | No threats found | likely | 7.97 |
| jbig2_21_off0003a535.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x3A535 | 10617 bytes | No threats found | likely | 7.98 |
| jbig2_22_off0003d827.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x3D827 | 7460 bytes | No threats found | likely | 7.98 |
| jbig2_23_off0003fcc3.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x3FCC3 | 8107 bytes | No threats found | likely | 7.98 |
| jbig2_24_off000425f8.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x425F8 | 7592 bytes | No threats found | likely | 7.97 |
| jbig2_25_off00044bed.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x44BED | 7936 bytes | No threats found | likely | 7.98 |
| jbig2_26_off00047489.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x47489 | 8051 bytes | No threats found | likely | 7.97 |
| jbig2_27_off0004a0d8.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x4A0D8 | 11125 bytes | No threats found | likely | 7.98 |
| jbig2_28_off0004d626.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x4D626 | 8427 bytes | No threats found | likely | 7.98 |
| jbig2_29_off0004ffee.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x4FFEE | 8122 bytes | No threats found | likely | 7.98 |
| jbig2_30_off000528f8.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x528F8 | 8417 bytes | No threats found | likely | 7.98 |
| jbig2_31_off0005530e.bin | pdf-jbig2-stream | PDF JBIG2 stream at offset 0x5530E | 8934 bytes | No threats found | likely | 7.98 |

For every carved artifact, the reported entropy is consistent with packed or encrypted content.