PDF malware analysis — malicious · 1be8a4e7e181c8d1

MALICIOUS

PDF

1.4 KB

MD5: b34798a1a27398a9dd076d1befe472df SHA-1: 98baf228027e24a1d9e279bcf260871ba9d5d370 SHA-256: 1be8a4e7e181c8d1f9e9966d92308626fe8810d078406d4654b120c1333b2a91

84 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT, PDF_JS, and PDF_EVAL. The eval() call within the JavaScript is a strong indicator of malicious intent, likely to execute arbitrary code. The presence of ASCIIHexDecode filter with exploit indicators further suggests an attempt to exploit a PDF vulnerability. The file's purpose is to leverage these elements to execute malicious code.

Heuristics 5

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.