Malicious PDF — malware analysis report

Static analysis result for SHA-256 22a4e9010b4ff44d…

Verdict: MALICIOUS
File type: PDF
Size: 3.6 KB
MD5: 4325b800615e7b2d5fb812a0daeec59e
SHA-1: abd0f0e795f8633be8cfdabde5e1faad22f37f33
SHA-256: 22a4e9010b4ff44d1642f326c81d39f614e3f14ec597b731b6c4a9d7bca0ca84
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell
Note: none of the heuristics listed in this report show PowerShell. The only observed evidence is JavaScript embedded in the PDF, which corresponds to T1059.007 (Command and Scripting Interpreter: JavaScript). Treat the PowerShell mapping as unverified until a dropped payload or a process trace from dynamic analysis actually shows powershell.exe being invoked.

The PDF contains embedded JavaScript: a /JavaScript action and a /JS stream (heuristics PDF_JAVASCRIPT and PDF_JS). On their own those are low severity, because interactive forms routinely carry scripts. What lifts the verdict is ClamAV's critical Heuristics.PDF.ObfuscatedNameObject hit. That heuristic fires when PDF name objects are written with #XX hex escapes for characters that need no escaping (for example /J#61vaScript in place of /JavaScript). A producer has no legitimate reason to do this; its only effect is to hide the script keywords from scanners that match on raw strings, so it is a strong evasion indicator in a file this small (3.6 KB). The exact payload and how it is triggered are not captured in this static result, so the script's behaviour, and the PowerShell mapping above, still need to be confirmed by extracting and deobfuscating the /JS stream or by running the sample dynamically.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low] [PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] [PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
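To make concrete what the three heuristics above are keying on, the following is an added triage script, not code from the report or from the analysis platform, run over a constructed minimal PDF rather than the analysed sample. It resolves #XX escapes in name objects, flags escapes that were not needed (the condition behind ClamAV's ObfuscatedNameObject heuristic), and counts the /JavaScript, /JS and related trigger keywords that the PDF_JAVASCRIPT and PDF_JS rules look for. The function names, the severity mapping and the sample bytes are the example's own assumptions.

```python
import re

# Constructed sample (NOT the analysed file): a minimal PDF whose catalog has an
# /OpenAction pointing at a JavaScript action, with the /JavaScript and /JS key
# names hex-escaped the way ClamAV's ObfuscatedNameObject heuristic flags.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /J#61vaScript /#4AS 5 0 R >> endobj
5 0 obj << /Length 32 >>
stream
app.alert('constructed sample');
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A PDF name object starts with '/' and runs until whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]+)")
# PDF 1.2+ allows any byte inside a name to be written as #XX (two hex digits).
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Characters that legitimately need #XX escaping inside a name: the PDF delimiters
# and '#' itself. Anything else printable should have been written literally.
DELIMITERS = set(b"#/%()<>[]{}")

# Keywords a string-matching scanner (pdfid-style) looks for; hypothetical list.
SUSPICIOUS = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch"}


def decode_name(raw: bytes) -> bytes:
    """Resolve #XX escapes: b'J#61vaScript' -> b'JavaScript'."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def is_needlessly_escaped(raw: bytes) -> bool:
    """True if any #XX escape encodes a printable byte that needed no escaping."""
    for m in HEX_ESCAPE_RE.finditer(raw):
        ch = int(m.group(1), 16)
        if 0x21 <= ch <= 0x7E and ch not in DELIMITERS:
            return True
    return False


def triage(pdf: bytes) -> dict:
    """Scan every name object; report obfuscated names and suspicious keywords.

    Keywords are counted on the DECODED name, so an obfuscated /J#61vaScript still
    registers as /JavaScript, which is the whole point of decoding first.
    """
    findings = {"obfuscated_names": [], "keywords": {}}
    for m in NAME_RE.finditer(pdf):
        raw = m.group(1)
        name = decode_name(raw)
        if raw != name and is_needlessly_escaped(raw):
            findings["obfuscated_names"].append((raw.decode(), name.decode()))
        if name in SUSPICIOUS:
            key = name.decode()
            findings["keywords"][key] = findings["keywords"].get(key, 0) + 1
    return findings


def verdict(findings: dict) -> str:
    """Severity mapping assumed here to mirror the report: script keywords alone
    are 'low' (common in benign forms), needless name obfuscation is 'critical'."""
    if findings["obfuscated_names"]:
        return "critical"
    if findings["keywords"]:
        return "low"
    return "clean"


if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    for raw, decoded in result["obfuscated_names"]:
        print(f"obfuscated name: /{raw} -> /{decoded}")
    print("keywords:", result["keywords"])
    print("verdict:", verdict(result))
```

To run this against a real sample, pass `open(path, "rb").read()` to `triage`. Note that a scanner which greps for the literal string `/JavaScript` without decoding names would report nothing for the constructed file above, which is exactly why the obfuscation heuristic is weighted critical while the keyword hits stay low.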