Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2b1ada53084426d…

MALICIOUS

PDF

4.4 KB
MD5: 401cb154be4b6f45d1dd676d02028818
SHA-1: b8d905caf429d7388938f014f9ec593aafa77f50
SHA-256: e2b1ada53084426d0bc8b559b5d9fa0c2f7bad4b6b544fb2d8b68fc5827cabfb
Risk score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell (platform mapping; not supported by the evidence below, which shows PDF-embedded JavaScript and no PowerShell. The observed behaviour corresponds to T1059.007 Command and Scripting Interpreter: JavaScript.)

The PDF contains embedded JavaScript: both generic heuristics fired (a /JavaScript action and a referenced /JS stream), and a 263-byte script was carved from object 20. ClamAV flags the file as Pdf.Exploit.Agent-36898, a generic signature name that indicates a match against known exploit-PDF content but does not identify a specific vulnerability. The embedded JavaScript is the probable exploit vehicle, but the available evidence does not show what it does: no decoded script, network indicators or dropped files are recorded, so the carved artifact is the next thing to examine. The document body is unreadable, so nothing is known about the lure.

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36898 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36898
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0020_000.js
SHA-256:  b08abdb4bac421bced0cf47274d277526d4c58a52c61bcc4fcdf3dbce2eba0c7
Kind:     pdf-javascript-stream
Source:   PDF /JS object 20 at offset 0xDE3
Size:     263 bytes
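The two heuristics above and the carved artifact come from the same workflow: locate objects carrying /JavaScript or /JS, follow the /JS reference to the stream object, decode the stream, hash it and scan it for risky APIs. The following Python is an added worked example of that workflow, not the analysis platform's own code. The sample PDF is constructed inline (so its object number, offset and hash differ from the report's object 20 at 0xDE3), the list of "suspicious" APIs and the rule name PDF_JS_SUSPICIOUS_API are assumptions standing in for the separate dangerous-API rules the report mentions, and only FlateDecode streams and simple literal strings are handled.

```python
"""Carve JavaScript from a PDF and score the two generic JS heuristics.

Added example for this report; it is not the analysis platform's code.
The sample PDF is constructed inline, so its object numbers, offsets and
hashes differ from the report's sample (object 20 at 0xDE3).
"""
import hashlib
import re
import zlib
from typing import Optional

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# Literal /JS (...) string. Nested parentheses and hex strings <...> are
# not handled; good enough for the constructed sample, which uses a stream.
LITERAL_JS_RE = re.compile(rb"/JS\s*\((.*?)(?<!\\)\)", re.DOTALL)
REF_JS_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R")
# Assumed list of APIs an analyst would treat as suspicious in PDF JavaScript.
SUSPICIOUS_APIS = (b"eval", b"unescape", b"util.printf", b"app.launchURL",
                   b"Collab.", b"exportDataObject")

# Constructed payload for the sample; unescape() is the "dangerous API" hit.
SAMPLE_JS = b"var s = unescape('%u9090%u9090'); app.alert('constructed sample');"


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF: /OpenAction -> /JavaScript action (object 4)
    whose /JS points to a FlateDecode stream in object 5. No xref table is
    written; the carver below does not need one."""
    comp = zlib.compress(SAMPLE_JS)
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n",
        b"4 0 obj\n<< /S /JavaScript /JS 5 0 R >>\nendobj\n",
        b"5 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(comp)
        + comp + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.4\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def _stream_data(body: bytes) -> Optional[bytes]:
    """Return decoded stream data from an object body, or None if no stream.
    A direct /Length slices the data exactly, so binary data that happens to
    contain newlines is carved intact; otherwise fall back to 'endstream'."""
    start_m = re.search(rb"\bstream\r?\n", body)
    if not start_m:
        return None
    start = start_m.end()
    length_m = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", body[:start])
    if length_m:
        data = body[start:start + int(length_m.group(1))]
    else:
        data = body[start:body.rfind(b"endstream")].rstrip(b"\r\n")
    if b"/FlateDecode" in body[:start]:
        data = zlib.decompress(data)
    return data


def _record(num: int, offset: int, kind: str, js: bytes) -> dict:
    return {
        "object": num,
        "offset": offset,
        "kind": kind,
        "size": len(js),
        "sha256": hashlib.sha256(js).hexdigest(),
        "suspicious_apis": [a.decode() for a in SUSPICIOUS_APIS if a in js],
    }


def carve_js(pdf: bytes) -> list:
    """Find objects carrying /JS or /JavaScript and return the script bytes,
    following '/JS n 0 R' references to the stream object holding them."""
    objects = {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(pdf)}
    results = []
    for num, (offset, body) in objects.items():
        if b"/JS" not in body and b"/JavaScript" not in body:
            continue
        lit = LITERAL_JS_RE.search(body)
        ref = REF_JS_RE.search(body)
        if lit:
            results.append(_record(num, offset, "pdf-javascript-literal", lit.group(1)))
        elif ref and int(ref.group(1)) in objects:
            tnum = int(ref.group(1))
            toffset, tbody = objects[tnum]
            data = _stream_data(tbody)
            if data is not None:
                results.append(_record(tnum, toffset, "pdf-javascript-stream", data))
    return results


def score_heuristics(pdf: bytes, carved: list) -> list:
    """The report's two generic low-severity rules, plus an assumed rule name
    for the separate dangerous-API scoring the report refers to."""
    hits = []
    if re.search(rb"/JavaScript(?![0-9A-Za-z])", pdf):
        hits.append(("PDF_JAVASCRIPT", "low"))
    if re.search(rb"/JS(?![0-9A-Za-z])", pdf):
        hits.append(("PDF_JS", "low"))
    if any(r["suspicious_apis"] for r in carved):
        hits.append(("PDF_JS_SUSPICIOUS_API", "medium"))
    return hits


if __name__ == "__main__":
    sample = build_sample_pdf()
    found = carve_js(sample)
    for r in found:
        print(f"object {r['object']} at offset 0x{r['offset']:X}: {r['kind']}, "
              f"{r['size']} bytes, sha256 {r['sha256']}, apis {r['suspicious_apis']}")
    for name, severity in score_heuristics(sample, found):
        print(f"{name} {severity}")
```

Run it as a script to see the carved object, its offset, size and SHA-256 (the same fields the artifact table records), and to see why the two generic rules stay at "low": they fire on any JavaScript-bearing PDF, including benign forms, and only the API scan on the decoded script adds weight.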