PDF malware analysis — malicious · bc0b46a9cdebcd21

MALICIOUS

PDF

3.2 KB

MD5: d221bbc4e4ddfc40f70201153fde788c SHA-1: b16929cf1a87a4f39027e47a6f447d825ab0b27b SHA-256: bc0b46a9cdebcd21d58f8c5b81e4b3ba4ec4b7a2b7cfe31e8a41ef99080e782b

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Agent-36121. Static analysis detected embedded JavaScript within a PDF stream, indicating an attempt to exploit PDF vulnerabilities. The embedded JavaScript is likely responsible for executing a malicious payload, although its specific actions are not detailed in the provided evidence.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `b0a5f98cc32c24d9b41a45a64e6bcc9e9793fd321f2d6d378f408cf168e73735`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9C9	486 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.