PDF malware analysis — malicious · c2febba8bd29b8c5

MALICIOUS

PDF

11.6 KB

MD5: 8b5c4ee269ba66f76b6eb88e1be42096 SHA-1: 4ad7226038079622c849dd982a916d0df258a867 SHA-256: c2febba8bd29b8c5da23e1739f9603d4894942a41f05012394f911a4b5ef211c

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as Pdf.Exploit.Agent-36177 further confirms its malicious nature. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to download and execute a secondary payload. However, the script content is not provided, limiting the ability to reconstruct specific IOCs or determine the exact execution flow.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36177 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36177
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `a7e6203b0e8f812879ed8382ccbb3900ad81b5a92faf27692f51de6e8c96c13a`	pdf-javascript-stream	PDF /JS object 7 at offset 0x1A6	569 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.