PDF malware analysis — malicious · 3d3bba024f1a0eed

MALICIOUS

PDF

3.5 KB

MD5: 4ae0c11a28edbdf132cf0eb8e823de74 SHA-1: 426c1e018f7740113f0a137d9610b9959962d0bf SHA-256: 3d3bba024f1a0eedc3fdfc6c4813a05c98514efd960147139f561ce01ba6eafd

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection for Heuristics.PDF.ObfuscatedNameObject further confirms its malicious nature. The embedded JavaScript is likely responsible for executing malicious code, potentially leading to further compromise.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0006_000.js` `8693bc5f6481ecab86832c853b54a5ae110306f474ba543a0accc706d54efc6c`	pdf-javascript-stream	PDF /JS object 6 at offset 0x18B	6603 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.