PDF malware analysis — malicious · 427ba280ba84d754

MALICIOUS

PDF

994 B

MD5: 94a3eddb2d146aa50af6fce553284c10 SHA-1: 8439d0f0b73f455ff41baa068c854a5587763d09 SHA-256: 427ba280ba84d7546f57f8b7046758d47133f9e19722c7eb6100228b9b95d315

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution

The PDF file contains embedded JavaScript and triggers a critical heuristic for CVE-2009-4324 (media.newPlayer). This indicates the file is designed to exploit this vulnerability to execute arbitrary code. The embedded JavaScript is likely responsible for the malicious payload delivery, though its specific actions are not fully discernible from the provided excerpt.

Heuristics 3

media.newPlayer — CVE-2009-4324 critical CVE exact CVE_2009_4324

PDF JavaScript calls media.newPlayer — CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0005_000.js` `07b7f7bee98cd46a682d6b4c9210dad5bebc848032e08c1a464616cecffbe763`	pdf-javascript-stream	PDF /JS object 5 at offset 0x117	466 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.