PDF malware analysis — malicious · cb2b10d3566c1e82

MALICIOUS

PDF

10.3 KB

MD5: 7819b651c5d192caba1b9e2ca1dfd9b3 SHA-1: 3f95ee32208729feb8d13094c2438656dfa93620 SHA-256: cb2b10d3566c1e8211ffa56db9df1781a6f10d2e55b20649e6cf6aa1062a35ee

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristics. ClamAV detection as 'Pdf.Dropper.Agent-1828965' further confirms its malicious nature. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, which is a common technique for initial access or malware distribution. The document body was unreadable, so the rationale is based on the heuristics and the ClamAV signature.

Heuristics 3

ClamAV: Pdf.Dropper.Agent-1828965 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-1828965
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0035_000.js` `204573a5b0e306dba3d46b26df089eddb95e1c594fda32a665f5922a33d1f89e`	pdf-javascript-stream	PDF /JS object 35 at offset 0x17E	22407 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.