Malicious PDF — malware analysis report

Static analysis result for SHA-256 275b80ce821df2d3…

Verdict: MALICIOUS
File type: PDF
File size: 3.5 KB
MD5: b564da8735010bfaa8a684a6ea17465f
SHA-1: a9c2731a894c9fa7eb252df8212cb6d0ed9353f6
SHA-256: 275b80ce821df2d37fc5e328c9abe24217aa4b144617f94ff37c95845cb1a0a3
Risk Score: 96

Malware Insights

MITRE ATT&CK
  • T1059.001 — Command and Scripting Interpreter: PowerShell
  • T1204.002 — User Execution: Malicious File

The PDF file contains embedded JavaScript and uses obfuscation techniques, including ASCIIHexDecode, which are commonly used to hide malicious code. ClamAV also flagged this file as malware. The presence of JavaScript suggests an attempt to execute arbitrary code, likely to download and run a second-stage payload.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • ASCIIHexDecode filter with exploit indicators (severity: medium, rule: PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.