PDF malware analysis — malicious · 4841f9674cbf4f06

MALICIOUS

PDF

1.8 KB

MD5: adfa481ae9acc1038b10da2c7a64df61 SHA-1: 9b87bc09ebdc3dc522831d8db6de038ed40c2d1e SHA-256: 4841f9674cbf4f06d78688dfc8da7873e4807c04441c8434793c68a419fefcdf

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution T1059.001 Command and Scripting Interpreter: PowerShell

The PDF file contains embedded JavaScript and triggers a critical heuristic for CVE-2008-2992, indicating exploitation via util.printf. The embedded JavaScript is likely responsible for executing the exploit. The primary attack pattern involves luring the user into opening a malicious PDF that leverages this vulnerability.

Heuristics 3

util.printf — CVE-2008-2992 critical CVE exact CVE_2008_2992

PDF JavaScript calls util.printf() — CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0006_000.js` `38c0ca580c0b6d2f7c9fb1f3380044571cff251146872fb7bce8f41515a39ff2`	pdf-javascript-stream	PDF /JS object 6 at offset 0x138	1303 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.