Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf52f341796e4ed4…

Verdict: MALICIOUS
File type: PDF
Size: 3.2 KB
MD5: b49f04705f3f6ceccac83b4b0c43d3cb
SHA-1: 41942fa31d21e2688647416954d2a88c424e1bf2
SHA-256: cf52f341796e4ed49564e46963da501bce8e331716f8a3afb9bea95b239da4d3
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link: Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as Pdf.Exploit.Agent-36121 further confirms its malicious nature. The embedded JavaScript is likely responsible for executing the exploit, leading to the malicious verdict. No specific IOCs like URLs or hashes were extracted from the provided evidence.

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0007_000.js
    d5e5d7976bab7f49beb221454e3fc131589e806cd59a5e976171f8b81921bf5a
    Kind: pdf-javascript-stream
    Source: PDF /JS object 7 at offset 0x9C7
    Size: 504 bytes