Malicious PDF — malware analysis report

Static analysis result for SHA-256 3309b241be0ad792…

Verdict: MALICIOUS
File type: PDF
Size: 7.5 KB
Authoring application (Creator/Producer metadata): Jgaxivakafowizasi (via df868Uohosicilab)
MD5: 55d27955841f347ea740ec4f066d1c65
SHA-1: 7e7afd9d6579c4b6faec493b293e687440b5521e
SHA-256: 3309b241be0ad792d30242ffaf1b7357b57037faf09f20f0844ae8dbbba09728
Risk score: 76

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File
T1059.001 Command and Scripting Interpreter: PowerShell

The PDF contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics and flagged by ClamAV as Heuristics.PDF.ObfuscatedNameObject, a heuristic for PDF name objects written with needless #xx hex escapes (for example /J#61vaScript in place of /JavaScript), a trick used to defeat plain string matching on keys such as /JavaScript and /JS. The embedded JavaScript stream is the primary mechanism for executing malicious actions. Because the script is obfuscated, its exact behaviour could not be determined from this static pass; JavaScript in a PDF of this kind is commonly used to download and execute a secondary payload, a standard initial-access technique, and the PowerShell mapping above is inferred from that pattern rather than observed. The Creator/Producer strings are random-looking rather than a known authoring tool, which is consistent with a generated lure. The document body could not be decoded, so the lure text itself was not recovered.

Heuristics (3)

  • CLAMAV_DETECTION (critical): ClamAV: Heuristics.PDF.ObfuscatedNameObject
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • PDF_JAVASCRIPT (low): JavaScript action
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF_JS (low): Embedded JS stream
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256:  c35f939b8b08b4458e4f2307d4bfd0afc23546c955e11c1da88e87302e40c9b0
Kind:     pdf-javascript-stream
Source:   PDF /JS object 11 at offset 0x1358
Size:     3029 bytes
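As an added illustration, not part of this report and not the code of the analysis platform or of ClamAV: a small Python scanner that reproduces the three heuristics above and the artifact carving on a PDF built inline. The sample PDF, its script (SAMPLE_JS), the rule name OBFUSCATED_NAME and the helper names are constructed for the example; the real 3029-byte script carved from this sample is not reproduced here. The scanner resolves #xx name escapes before matching, so a key written as /J#61vaScript is still seen as /JavaScript, then follows the /JS entry to its stream, inflates it if it is FlateDecode'd, and reports the object number and file offset in the same form as the artifact table.

```python
import re
import zlib

# Constructed stand-in for the kind of file the report describes: a minimal PDF
# whose OpenAction is a JavaScript action, with the /JavaScript name hex-escaped
# (/J#61vaScript) the way obfuscated samples do, and the script held in a
# /FlateDecode'd /JS stream. It is not the analysed sample and has no xref table.
SAMPLE_JS = b"app.alert('constructed sample script');"

def build_sample_pdf(script=SAMPLE_JS):
    body = zlib.compress(script)
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 11 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>\nendobj\n",
        b"11 0 obj\n<< /S /J#61vaScript /JS 12 0 R >>\nendobj\n",
        b"12 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(body)
        + body + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.4\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"

NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
# Characters that never need #xx escaping in a name: printable ASCII minus delimiters.
REGULAR = set(range(0x21, 0x7F)) - set(b"()<>[]{}/%#")

def decode_name(raw):
    """Resolve #xx escapes in a PDF name, e.g. b'J#61vaScript' -> b'JavaScript'."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def is_needless_escape(raw):
    """True when a name uses #xx escapes only for characters that never needed
    them, the pattern ClamAV's Heuristics.PDF.ObfuscatedNameObject targets."""
    return b"#" in raw and all(c in REGULAR for c in decode_name(raw))

def normalize_names(data):
    return NAME_RE.sub(lambda m: b"/" + decode_name(m.group(1)), data)

def split_stream(body):
    """Split an object body into (dictionary, stream bytes or None), using a
    direct /Length when present rather than trusting the endstream keyword."""
    sm = re.search(rb"(?<!end)stream\r?\n", body)
    if not sm:
        return body, None
    dict_part, start = body[:sm.start()], sm.end()
    lm = re.search(rb"/Length\s+(\d+)(?![\d\s]*R)", normalize_names(dict_part))
    if lm:
        return dict_part, body[start:start + int(lm.group(1))]
    return dict_part, body[start:body.find(b"endstream", start)].rstrip(b"\r\n")

def parse_objects(data):
    """Enumerate indirect objects with their file offsets, as a carver would."""
    objs = []
    for m in OBJ_RE.finditer(data):
        dict_part, stream = split_stream(m.group(3))
        objs.append({"num": int(m.group(1)), "offset": m.start(),
                     "dict": dict_part, "stream": stream})
    return objs

def flag_js(objs):
    """Mirror the report's PDF_JAVASCRIPT / PDF_JS heuristics plus an obfuscated-name
    check, all evaluated after resolving escapes so /J#61vaScript still counts."""
    findings = []
    for o in objs:
        raw_names = NAME_RE.findall(o["dict"])
        decoded = [decode_name(n) for n in raw_names]
        for raw, dec in zip(raw_names, decoded):
            if is_needless_escape(raw):
                findings.append(("OBFUSCATED_NAME", o["num"],
                                 "/%s -> /%s" % (raw.decode("latin-1"), dec.decode("latin-1"))))
        if b"JavaScript" in decoded:
            findings.append(("PDF_JAVASCRIPT", o["num"], "/JavaScript"))
        if b"JS" in decoded:
            findings.append(("PDF_JS", o["num"], "/JS"))
    return findings

def carve_js(objs):
    """Follow each /JS entry to its payload: a literal string in the same dictionary
    (nested parentheses not handled) or an indirect stream, inflated when it is
    /FlateDecode'd. Returns (object number, file offset, script bytes) per payload."""
    by_num = {o["num"]: o for o in objs}
    carved = []
    for o in objs:
        m = re.search(rb"/JS\s*(?:(\d+)\s+\d+\s+R|\((.*?)\))", normalize_names(o["dict"]), re.DOTALL)
        if not m:
            continue
        if m.group(1) is None:
            carved.append((o["num"], o["offset"], m.group(2)))
            continue
        target = by_num.get(int(m.group(1)))
        if target is None or target["stream"] is None:
            continue
        script = target["stream"]
        if b"/FlateDecode" in normalize_names(target["dict"]):
            script = zlib.decompress(script)
        carved.append((target["num"], target["offset"], script))
    return carved

def analyse(data):
    objs = parse_objects(data)
    return {"heuristics": flag_js(objs), "carved": carve_js(objs)}

if __name__ == "__main__":
    pdf = build_sample_pdf()
    result = analyse(pdf)
    for rule, num, detail in result["heuristics"]:
        print("%-16s obj %d  %s" % (rule, num, detail))
    for num, offset, script in result["carved"]:
        print("carved /JS object %d at offset 0x%x, %d bytes: %r" % (num, offset, len(script), script))
```

Run against the built-in sample it reports the obfuscated name, both JavaScript heuristics on object 11, and a carved payload from object 12 with its offset; point analyse() at the bytes of a real file to get the same view of it. It deliberately does not execute or deobfuscate the carved script, which is the next step in triage and belongs in an isolated JavaScript sandbox, not in the carver.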