Malicious PDF — malware analysis report

Static analysis result for SHA-256 23bbb72c3e1676d1…

Verdict: MALICIOUS
File type: PDF
Size: 34.7 KB
MD5: c293f0b19a1f7366e1c097dd48f7cdfd
SHA-1: ed26ac3f568e3469d859dcd548d050dce25995de
SHA-256: 23bbb72c3e1676d198af85d17d062e878beda6ba21a653d0a24b3c657e870b67
Risk Score: 78

Malware Insights

MITRE ATT&CK: T1059.001 PowerShell

The PDF file contains obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged this file as malicious because of obfuscated name objects (Heuristics.PDF.ObfuscatedNameObject). The presence of JavaScript suggests an attempt to execute malicious code, likely to download further payloads or exploit vulnerabilities. The exact intent of the script cannot be determined because of the obfuscation.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file with "PDF differential parser failed: PSSyntaxError". The static heuristics still ran and their findings above remain valid; only the differential cross-check signal is missing.