PDF malware analysis — malicious · cd1f7bf93a06b369

MALICIOUS

PDF

3.2 KB

MD5: 2a99e2924da3aa43fb3586aea9b01d3f SHA-1: 31c5310218d5b2d68215f7ae88e1022942a31f18 SHA-256: cd1f7bf93a06b369fa2a2b3089f88aa208d6317168410c033df5d537a0081828

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious Link: Malicious File

The PDF file was detected by ClamAV as Pdf.Exploit.Agent-36121, indicating it contains a known exploit. Static analysis revealed embedded JavaScript, which is commonly used in PDF exploits to download and execute further stages. The JavaScript action and embedded JS stream heuristics confirm the presence of malicious scripting within the PDF.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `b6473ea6c0d5b03bc90ed68f400250032334d024a10544ddcb882c31ac132a52`	pdf-javascript-stream	PDF /JS object 7 at offset 0x9D6	494 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.