PDF malware analysis — malicious · 3f9f3540243b3f08

MALICIOUS

PDF

5.5 KB

MD5: 5f930f62a366a64dc90d80df2fb004f6 SHA-1: 9fb993fde7272cb8cffa2dcf31b4684c9fa31a8c SHA-256: 3f9f3540243b3f0867283cd4f98411f2b4aa153740ce380d974d3432e5789e8a

104 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment T1140 Deobfuscate/Decode Files or Information

This PDF file exhibits malicious characteristics through the presence of embedded JavaScript and the use of obfuscated filters like ASCIIHexDecode and ASCII85Decode, which are commonly employed to hide malicious code. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject, indicating a high likelihood of malicious intent. The combination of these factors suggests the PDF is designed to exploit vulnerabilities or trick the user into executing a harmful payload.

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.