Malicious PDF — malware analysis report

Static analysis result for SHA-256 2f146166e3e5dd2b…

MALICIOUS

PDF

36.2 KB
MD5: c3ac31b1403573152b23365b0f22d383
SHA-1: 29612edee43f2fe0c795e556137145a0336148e7
SHA-256: 2f146166e3e5dd2b20551e339cf0a3631806956056681feeb5349243f57718ce

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file triggered multiple heuristics related to embedded and obfuscated JavaScript. ClamAV also flagged it as malicious due to an obfuscated name object. The presence of JavaScript actions and streams strongly suggests an attempt to execute code, likely for downloading a secondary payload.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.