PDF malware analysis — malicious · bf2048ad2041a644

MALICIOUS

PDF

10.6 KB Created: 2009-02-19 14:45:49 -02:00 Authoring application: Writer (via OpenOffice.org 3.0)

MD5: 3d84e94ecd92fe4650c11340ec5f639d SHA-1: a1028359334d9e66b31fd759c7867f9e37f82d3b SHA-256: bf2048ad2041a6444a87f269aab4c7e57219fa9d6dc2c7f5ff5f1fc6eb6dcb28

108 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The critical ClamAV heuristic 'Pdf.Exploit.Agent-35541' and the high 'PDF_LAUNCH' heuristic indicate this PDF is designed to exploit a vulnerability. The 'PDF_JAVASCRIPT' heuristic confirms the presence of embedded JavaScript, which is commonly used to download and execute further malicious content. The document body is heavily obfuscated and does not provide direct clues to the user-facing lure.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-35541 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-35541
Launch action high PDF_LAUNCH

PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.