Malicious PDF — malware analysis report

Static analysis result for SHA-256 f93e095343773813…

MALICIOUS

PDF

3.3 KB
MD5: 6a6304286d119a07f7fa4d5c80bd9e1d
SHA-1: a9dd73870e00552d901fed8ab0c6a0b20f502861
SHA-256: f93e0953437738136d7e1fcec5c587558fbe2c7137758cfed6a0f1d653cc75eb
76 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV detection as 'Pdf.Exploit.Agent-36121' confirms its malicious nature. The embedded JavaScript is likely responsible for executing an exploit, though its specific function cannot be determined due to obfuscation or truncation. No specific IOCs were extracted beyond the file itself.

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36121
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0007_000.js
          10d3482bb3d17d4ff7f24ea0dd3fcc7fe8a5fdd60bb3cd17bf996e7ff0b83c93
Kind: pdf-javascript-stream
Source: PDF /JS object 7 at offset 0xA87
Size: 307 bytes