PDF malware analysis — malicious · f4936429a1ea1a03

MALICIOUS

PDF

5.0 KB

MD5: 8a56fa2b68d935eaf31d5b2ea5bb312a SHA-1: 618b0aee61870605f41a05d14a90a38b3527c8b1 SHA-256: f4936429a1ea1a038d1b2ae816aea107d15feba95a1f1d58b4065c888747ecaa

84 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript T1559.001 Component Object Model Hijacking

The PDF file contains embedded JavaScript and utilizes ASCII85Decode filters, which are common indicators of PDF exploits. ClamAV detected this file as 'Pdf.Exploit.Agent-19512', strongly suggesting it's a malicious PDF designed to exploit a vulnerability. The embedded JavaScript is likely responsible for initiating the exploit chain, potentially downloading and executing a secondary payload.

Heuristics 4

ClamAV: Pdf.Exploit.Agent-19512 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-19512
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.