Malicious PDF — malware analysis report

Static analysis result for SHA-256 d90c473b8f669198…

MALICIOUS

PDF

Size: 5.7 KB
Created: 2008-32-10 13:12:00
Authoring application: Poeow (via Kskka)
MD5: 89d0c3c3411a0ec31bd94e9ab7b7a246
SHA-1: d40464dee0febd5079e5c4ee233a661ff1d46f87
SHA-256: d90c473b8f66919863aa0e2e693d1cdf64b66450cde2dc084c0277fcb9a8acd6
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File

The critical-severity ClamAV heuristic indicates this PDF is malicious, specifically identified as 'Pdf.Exploit.Agent-22708'. The low-severity heuristics confirm the presence of embedded JavaScript, suggesting an exploit is used to trigger malicious code execution. The embedded JavaScript is likely responsible for the exploit's payload delivery.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-22708 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-22708
  • JavaScript action [low] (PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] (PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0013_001.js
          eee847555391c405536c645eabd92327b947a5a26deb89ed78a0735d7bec7976
Kind: pdf-javascript-stream
Source: PDF /JS object 13 at offset 0x37F
Size: 42805 bytes