Malicious PDF — malware analysis report

Static analysis result for SHA-256 3637ea25648a0c79…

MALICIOUS

PDF

Size: 7.1 KB
Authoring application: Wezolokofecpo (via 38091Nworeticakebi)
MD5: 52df27371864d4304d8e524e5ef37101
SHA-1: b40afe985202403676c459a35d710f907c35db31
SHA-256: 3637ea25648a0c792cd1e21542d5b52e88e671736b564e3b5a67dc6572a9fd08
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The PDF file was flagged by ClamAV with a critical heuristic indicating obfuscated JavaScript. The presence of embedded JavaScript streams and actions strongly suggests that the document is designed to execute malicious code upon opening. The obfuscation makes it difficult to determine the exact payload, but the intent is likely to download and execute a second-stage payload.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: 437a5d40b54247c17dfb3ac60e39d3ecfad672a269694af1851a077d9726a8d2
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x1342
Size: 2272 bytes