PDF malware analysis — malicious · c74736c5c51b7c41

MALICIOUS

PDF

1.9 KB Authoring application: sli

MD5: 8d8a3c819a178d6b01a19cf040be101d SHA-1: 2edb43e3a8e9d33b15907ba96612ff2d8e7f9fd2 SHA-256: c74736c5c51b7c41e2d760b7b16997ae4a0f98987ff5a094fab23a45aafaf9c6

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File Execution: Malicious JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection 'Pdf.Exploit.Dropped-91' strongly suggests this is a malicious PDF designed to exploit vulnerabilities. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, which is a common attack pattern for malicious PDFs. No specific family could be identified from the available evidence.

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-91 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-91
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `f33cee299924a3578316dd169fd3180553068b3e429aa4e786d18a1de38cc3d7`	pdf-javascript-stream	PDF /JS object 76 at offset 0x426	548 bytes
`deobfuscated.js` `41174e06ce9bf6153f6080450f0bc4fc8c1c6a01f5117122e5f492c68090c2eb`	deobfuscated-js	PDF JavaScript deobfuscation pass	1213 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.