PDF / .TMP malware analysis — malicious · 3a39c43c3e452722

MALICIOUS

PDF / .TMP

7.7 KB Created: 2010-09-20 19:11:33 Authoring application: Zohevileha mobi (via daad0Hasaubvarede)

MD5: d238125d45b225180ae6e1690e8e55f2 SHA-1: 41ac5f9d1963a36d6fb10b03b62ba757eeb49652 SHA-256: 3a39c43c3e452722c12f6e295d6145e35ffa57731b41ec7c599b244e9ae16e4c

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. This JavaScript is likely used to exploit a vulnerability within the PDF reader, leading to the download and execution of a secondary payload. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious nature of the file. No specific malware family could be identified.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `cda7f0467bc26f230d71f8f8b7443f40694fba382281f6c57d0de4e979de7f19`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1355	3160 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.