Malicious PDF — malware analysis report

Static analysis result for SHA-256 2dbb697199dcb044…

MALICIOUS

PDF

Size: 7.6 KB
Authoring application: Qimigiwova (via b179eBashemeriwesohitaro)
MD5: 54b55e73b7e00b065d967ac2efe7da07
SHA-1: 7182c6b17ece4f3e097f3f5f0d298eb40ecb36b3
SHA-256: 2dbb697199dcb044f0b6001585f37fe05c3c16d5915a3ab3cf0bd9ad88b309ed
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell; T1204.002 User Execution: Malicious File

The PDF contains embedded JavaScript: the PDF_JAVASCRIPT and PDF_JS heuristics fired on a /JavaScript action and a /JS stream respectively. ClamAV's Heuristics.PDF.ObfuscatedNameObject fires on name objects written with #xx hex escapes (for example /J#61vaScript in place of /JavaScript), a technique used to hide dangerous keywords from string-based scanners; it is a heuristic rather than a signature for a known family, so it raises confidence in the verdict without identifying the payload. Taken together, the hidden JavaScript is the most likely execution vector: when the document is opened the script may stage further payloads or exploit the PDF reader. The script body itself is not reproduced in this report; the carved /JS stream listed under extracted artifacts should be deobfuscated and reviewed to confirm what it actually does.

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0010_000.js
SHA-256:  ed31b16df2b6492a4d5be85b534deca964c2f0e07a8443782787f4ed9c62c93c
Kind:     pdf-javascript-stream
Source:   PDF /JS object 10 at offset 0x1303
Size:     3192 bytes
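As an added worked example (not output of the analysis platform and not code from the sample), the following Python reproduces what the heuristics section and the artifact table above describe: it walks the indirect objects of a PDF, de-escapes #xx hex sequences in name objects and flags the ones that needed no escaping (an assumed approximation of ClamAV's ObfuscatedNameObject rule), raises PDF_JAVASCRIPT / PDF_JS on /JavaScript and /JS entries, and carves the referenced /JS stream into a javascript_objNNNN_000.js artifact with its SHA-256, object number, offset and size. The input is a constructed PDF embedded in the script, not the analyzed file. The parser is deliberately minimal (regex object walk, direct /Length only, FlateDecode as the only filter, no object streams or incremental updates); real samples should go through a full parser such as pdf-parser.py or peepdf.

```python
import hashlib
import re
import zlib

# Constructed sample (not the analyzed file): a minimal PDF whose /OpenAction
# points at a JavaScript action. The action's names are hex-escaped
# (/J#61vaScript for /JavaScript, /#4AS for /JS) and the script body sits in a
# FlateDecode stream referenced as 11 0 R, mirroring the obfuscation the report flags.
JS_CODE = b"app.alert('constructed sample');"
JS_DEFLATED = zlib.compress(JS_CODE)
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 10 0 R >>\nendobj\n",
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
    b"10 0 obj\n<< /S /J#61vaScript /#4AS 11 0 R >>\nendobj\n",
    b"11 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(JS_DEFLATED),
    JS_DEFLATED, b"\nendstream\nendobj\n",
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
])

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.DOTALL)
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]*)")  # a name token: '/' plus regular characters
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw):
    """Resolve #xx escapes in one name token. The token is flagged when an escape
    decodes to a printable, non-delimiter ASCII byte, i.e. it was never needed;
    that is how this example approximates ClamAV's ObfuscatedNameObject rule (assumption)."""
    flagged = False

    def sub(m):
        nonlocal flagged
        b = int(m.group(1), 16)
        if 0x21 <= b <= 0x7E and chr(b) not in "/<>[]()%{}#":
            flagged = True
        return bytes([b])

    return HEX_RE.sub(sub, raw), flagged


def parse_objects(pdf):
    """Regex walk over 'N G obj ... endobj' (no xref or object streams: assumption).
    Yields (objnum, offset, de-escaped dict, stream bytes or None, obfuscated names)."""
    for m in OBJ_RE.finditer(pdf):
        body = m.group(2)
        s = re.search(rb"\bstream\r?\n", body)
        head = body[:s.start()] if s else body
        obf = []

        def sub(nm):
            dec, bad = decode_name(nm.group(1))
            if bad:
                obf.append(b"/" + nm.group(1))
            return b"/" + dec

        head = NAME_RE.sub(sub, head)  # detection runs on de-escaped names
        stream = None
        if s:
            ln = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", head)  # direct /Length only
            if ln:
                stream = body[s.end():s.end() + int(ln.group(1))]
            else:
                stream = re.split(rb"\r?\nendstream", body[s.end():], maxsplit=1)[0]
            if b"/FlateDecode" in head:  # the only filter handled here
                stream = zlib.decompress(stream)
        yield int(m.group(1)), m.start(), head, stream, obf


def scan(pdf):
    """Return ({heuristic: result}, [carved /JS artifacts]) for a PDF given as bytes."""
    objs, hits = {}, {"PDF_JAVASCRIPT": False, "PDF_JS": False, "OBFUSCATED_NAMES": []}
    for num, off, head, stream, obf in parse_objects(pdf):
        objs[num] = (off, head, stream)
        hits["PDF_JAVASCRIPT"] |= b"/JavaScript" in head                 # /JavaScript action
        hits["PDF_JS"] |= re.search(rb"/JS\b", head) is not None          # /JS entry
        hits["OBFUSCATED_NAMES"] += obf
    artifacts = []
    for num, (off, head, stream) in objs.items():
        ref = re.search(rb"/JS\s+(\d+)\s+\d+\s+R", head)  # /JS -> indirect stream object
        lit = re.search(rb"/JS\s*\((.*?)(?<!\\)\)", head, re.DOTALL)  # /JS literal, no nested parens
        if ref and int(ref.group(1)) in objs:
            src, code = int(ref.group(1)), objs[int(ref.group(1))][2] or b""
        elif lit:
            src, code = num, lit.group(1)
        else:
            continue
        artifacts.append({
            "filename": "javascript_obj%04d_000.js" % src,
            "sha256": hashlib.sha256(code).hexdigest(),
            "source": "PDF /JS object %d at offset 0x%x" % (src, objs[src][0]),
            "size": len(code), "code": code,
        })
    return hits, artifacts


if __name__ == "__main__":
    found, carved = scan(SAMPLE_PDF)
    for rule, value in found.items():
        print(rule, value)
    for art in carved:
        print(art["filename"], art["sha256"], art["source"], art["size"], "bytes")
        print(art["code"].decode("latin-1"))
```

Running it prints the three heuristic results, both obfuscated name tokens, and one carved artifact whose source line has the same shape as the table entry above. The de-escaping step is the important one: a scanner that greps the raw file for /JavaScript or /JS finds nothing in this sample, which is exactly why the obfuscated-name heuristic is worth scoring on its own.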