PDF malware analysis — malicious · ea813a0497e2f62b

MALICIOUS

PDF

3.3 KB

MD5: 5708a8578e4f4b1314ce658471667abd SHA-1: 294527f98175c4a1055b467eb67473e007d91850 SHA-256: ea813a0497e2f62b7859de3c8ee94cd3d67821e29d610cbdb19a9b5458e5ffe9

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection 'Pdf.Exploit.Agent-36121' strongly suggests this is a known exploit. The embedded JavaScript is likely responsible for exploiting a PDF viewer vulnerability to download and execute a secondary payload, which is a common attack vector for this type of malware.

Heuristics 3

ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `e719f21c2c07c55ddeb296a41d05b1bc4bfa578cc2dc970b0fe6962a7d801ba8`	pdf-javascript-stream	PDF /JS object 7 at offset 0xA84	320 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.