PDF malware analysis — malicious · cfe0cba970f0d3db

MALICIOUS

PDF

7.9 KB

MD5: 56054ba8b5b10228479363bdf0c61234 SHA-1: bcb02b4175235723ee97e6da7a4a1ad3fbbad62b SHA-256: cfe0cba970f0d3dbc183c020994df5d5d8f1ebca09ee9d5e9deb0984584eaedd

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious File T1204.002 Malicious File: User Execution

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings related to PDF and JavaScript. ClamAV detection as 'Pdf.Dropper.Agent-7306434-0' strongly suggests its role as a dropper for malicious content. The primary function appears to be the execution of this embedded JavaScript to initiate a malicious chain.

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7306434-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7306434-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.