Malicious PDF — malware analysis report

Static analysis result for SHA-256 325d9561f3a55a4b…

Verdict: MALICIOUS
File type: PDF
Size: 12.3 KB
MD5: 9e6a8fb1a8142c3a61451b955555966c
SHA-1: d762d5d6416a01d58fcd33fe8538f23337987044
SHA-256: 325d9561f3a55a4bb2d2a6fe8831b4535031ea3a5befe52f4246d0448fa5a3dc
Risk Score: 78

Malware Insights

MITRE ATT&CK: T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject, indicating that obfuscated name objects are present. The embedded JavaScript is most likely what executes the malicious payload, but its specific actions could not be determined because of the obfuscation. The file's purpose is to deliver a malicious payload through JavaScript execution inside the PDF.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.