PDF malware analysis — malicious · 3214fc7b896f7777

MALICIOUS

PDF

3.5 KB

MD5: 7d58d2a155247367658fb5dd912aff80 SHA-1: 63be5326921c07215d4f04af9d87ee2a524db52a SHA-256: 3214fc7b896f77779bbc5587d46c12720d86d9ec906b98fcae4eae452578d83d

124 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript T1204.002 Malicious File

The PDF sample contains embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS heuristics. High-confidence firings for PDF_EVAL and PDF_UNESCAPE suggest the JavaScript is obfuscated and likely malicious, attempting to execute arbitrary code. The PDF_FILTER_HEX heuristic also points to exploit techniques. The reconstructed JavaScript string suggests it's designed to decode and execute further malicious content, likely a second-stage payload.

Heuristics 6

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
unescape() call high PDF_UNESCAPE

unescape() found — often used to decode shellcode in PDF JS exploits
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.