PDF malware analysis — malicious · d2810781c32fd9b0

MALICIOUS

PDF

16.2 KB Created: 2010-03-05 15:19:50 Authoring application: Laxiwoveja

MD5: 714975bc34493400b312138d56b904c8 SHA-1: cc707c2fd86a8ab9f3b7121e4578e52bd88c3f98 SHA-256: d2810781c32fd9b08d9426a33eeaca5de1698fdc1a0ed9e94728b9ff35c4b555

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The critical ClamAV heuristic indicates the file is a known PDF exploit, specifically 'Pdf.Exploit.Agent-36066'. Low-severity heuristics confirm the presence of embedded JavaScript, which is commonly used to deliver malicious payloads. The JavaScript action and embedded JS stream point to an exploit attempt within the PDF structure. The large size of the embedded JavaScript object suggests complex malicious code.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36066 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36066
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0022_000.js` `22e7b9b95199cc294a88baec03e968aa698abb89fdbf202e98b946c7b2639771`	pdf-javascript-stream	PDF /JS object 22 at offset 0x30AF	971255 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.