Malicious PDF — malware analysis report

Static analysis result for SHA-256 1e31f1ef095a8610…

MALICIOUS

PDF

5.9 KB
MD5: be6b65fc70a1be125034840cf4f4e44d
SHA-1: 2716c9f6640a3c6d10a7020829ba054aa35f710f
SHA-256: 1e31f1ef095a86103a8d6142b9889a20a8cc95a182d9b7fc6889dd0591915a3a
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.002 Spearphishing Attachment

The PDF file triggered multiple JavaScript-related heuristics, including 'PDF_JAVASCRIPT' and 'PDF_JS', indicating the presence of embedded and obfuscated JavaScript. ClamAV also flagged it with 'Heuristics.PDF.ObfuscatedNameObject'. While the document body is unreadable and no specific scripts were extracted, the combination of PDF structure and JavaScript suggests an attempt to execute malicious code, likely for exploitation or payload delivery.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.