PDF malware analysis — malicious · 4753dce4d470c66b

MALICIOUS

PDF

7.3 KB Created: 2010-09-16 18:52:20 Authoring application: Qabifagevafa (via 1bcc4Tiqotezozav)

MD5: 9694c315b1b01b6202cb15a54fec5a2f SHA-1: bc5a45d91b2323fca290a1bc7aa0117e84b82bf0 SHA-256: 4753dce4d470c66b2ebed0c25c00da05b6cc317ada5b8cd32bdf5c5ba4d9d221

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1027 Obfuscated Files or Information

The file is a PDF with embedded JavaScript, flagged by heuristics as obfuscated and malicious. The presence of JavaScript actions and embedded JS streams indicates an attempt to execute code. The ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious nature. The exact intent of the script is unclear due to obfuscation, but it is likely designed to download and execute a secondary payload.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1364	2324 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.