Malicious PDF — malware analysis report

Static analysis result for SHA-256 3acaa46d5afbf420…

MALICIOUS

PDF

26.6 KB
MD5: cb13cc8fdc036f604e3431f7c49bb3fc SHA-1: b67a5dfc9a1862cc37e80094fa203fa6b0b3db25 SHA-256: 3acaa46d5afbf42075d789728d68f2f42358592bb291c80af89c696ac8f893b3
76 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The PDF document contains embedded and obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged the file as Heuristics.PDF.ObfuscatedNameObject, suggesting a deliberate attempt to conceal malicious functionality. The embedded JavaScript is likely responsible for executing the malicious payload, though its specific actions cannot be determined without further analysis.

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.