PDF malware analysis — malicious · cc6bf97fe0c4ed51

MALICIOUS

PDF

16.2 KB Created: 2010-03-05 15:19:50 Authoring application: Laxiwoveja

MD5: 462418d2868079325ee512d1c15a5ddb SHA-1: 2fcad5c02e5068c14ab732b9dac9def2da85b66a SHA-256: cc6bf97fe0c4ed5188a8d14d33881e85e894255c321cb79b8a3d7398e80cefba

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, indicated by heuristic firings for PDF_JAVASCRIPT and PDF_JS. ClamAV also detected it as Pdf.Exploit.Agent-36066. The embedded JavaScript is likely used to exploit a vulnerability within the PDF reader to execute arbitrary code. The exact functionality of the script could not be determined due to its size and potential obfuscation, but the presence of exploit-related detections suggests a malicious intent, such as downloading a second-stage payload.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36066 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36066
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0022_000.js` `22e7b9b95199cc294a88baec03e968aa698abb89fdbf202e98b946c7b2639771`	pdf-javascript-stream	PDF /JS object 22 at offset 0x30AF	971255 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.