Malicious PDF — malware analysis report

Static analysis result for SHA-256 32031ce4cb82b2f1…

MALICIOUS

PDF

41.5 KB
MD5: 2d24c2de8c6f9c54366f763e2174a03e SHA-1: a9aaa978621e1cf58b567cde8e5e311d63816976 SHA-256: 32031ce4cb82b2f16e7ed7924a58be3a2f32746e24e6193778e13ff1cb2a93f1
84 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript and is flagged by ClamAV for obfuscated objects, indicating malicious intent. The JavaScript is likely responsible for executing further malicious code or downloading additional payloads. The presence of XFA forms and JavaScript actions points towards a complex, potentially exploit-driven delivery mechanism.

Heuristics 5

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xci/2.6/
    • http://www.xfa.org/schema/xfa-template/2.6/

Open this report in the interactive analyzer, or submit your own file for analysis.