Malicious PDF — malware analysis report

Static analysis result for SHA-256 e7b26dec019a417c…

Verdict: MALICIOUS
File type: PDF
Size: 3.3 KB
MD5: 952d60d1b645ba5d4c4a88ec37880551
SHA-1: 4d17cb169274c08ebefd898a49cea3762a9f5d6d
SHA-256: e7b26dec019a417c95242027dd1c055afde576bf99b696fbc49cfff5ebeb2c4d
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript
T1204.002 Malicious File

The critical ClamAV heuristic 'Pdf.Exploit.Agent-36121' matches a known PDF exploit signature. In addition, two low-severity heuristics (a /JavaScript action and an embedded /JS stream) confirm that the PDF carries executable code. The embedded JavaScript, whose contents are not detailed in this report, is the likely exploitation mechanism, aiming to download and execute a secondary payload. Because the document contains no readable body text, the lure cannot be characterised further, but the technical indicators strongly suggest malicious exploit delivery.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-36121 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  Filename: javascript_obj0007_000.js
  SHA-256:  1d3a0145a2ebb3282b349b9a1bfbb33364adf6b59cd432a84ae401d87ab02818
  Kind:     pdf-javascript-stream
  Source:   PDF /JS object 7 at offset 0xA83
  Size:     333 bytes