Malicious PDF — malware analysis report

Static analysis result for SHA-256 e08204ee63f8f78c…

MALICIOUS

PDF

12.3 KB
MD5: 4b329e3003a5bd3075668e668c60b0ab SHA-1: 8b8afa89144e75713bba288684bdc1126d908872 SHA-256: e08204ee63f8f78ca94c2008c6890cba5cb4f3616821c72836472d1a89d76ea6
76 Risk Score

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The PDF contains embedded JavaScript, indicated by multiple heuristic firings. ClamAV also detected the file as Win.Trojan.Agent-36281. The embedded JavaScript is likely intended to perform malicious actions, such as downloading and executing a second-stage payload, although the specific actions are not detailed due to the lack of script content analysis.

Heuristics 3

  • ClamAV: Win.Trojan.Agent-36281 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Agent-36281
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0076_000.js
d96e21dc951e0d97c65be57d08de12841a3998d9cc1446a6b2b73e1c0b581464		 pdf-javascript-stream PDF /JS object 76 at offset 0x369 11460 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.