Malicious PDF — malware analysis report

Static analysis result for SHA-256 2fa29aacc1dc4c58…

Verdict: MALICIOUS
File type: PDF
Size: 22.2 KB
Created: 2009-04-24 09:54:29 +02:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 578ba035ec21cef48ab76a0e74b6fd3a
SHA-1: 6b1292253a0364157c1970c9bd405c4b416fd233
SHA-256: 2fa29aacc1dc4c58d8a1d83e309c33161270148c44439272f7cc44c126c1d289
Risk score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is a PDF containing obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious classification. Because the JavaScript is heavily obfuscated, its exact function is difficult to determine statically, but it is likely designed either to download and execute a secondary payload or to exploit a vulnerability in the PDF reader. The document body contains metadata that appears to be remnants of the document creation process rather than user-facing content.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.