PDF malware analysis — malicious · 3d61b41d21c95e96

MALICIOUS

PDF

6.7 KB Created: 2010-09-03 08:30:37 Authoring application: Xijokanilohova (via 8111bKmgxaloxaxgi)

MD5: 23521cdc047a5920787d6ff799ffaf7f SHA-1: 00fe807043dfd3f81e8b44a6d61198708ac88839 SHA-256: 3d61b41d21c95e965d8fe423f1a92eea35da562fbeb5e2d8baa75e28522f9ba6

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further suggests malicious intent. The embedded JavaScript is likely responsible for executing the malicious payload, although its exact function is obscured. The document body is unreadable, providing no further context on the lure.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `d75aba2bc241d027161697fa7aada0bf45c7afe5b58fce1bb0bf66350349f123`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1208	1983 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.