Malicious PDF — malware analysis report

Static analysis result for SHA-256 4f2c11d8ed0dc3bb…

MALICIOUS

PDF

5.7 KB
MD5: 32fe4a5bb981a3dd0dcc1f7447c483bc
SHA-1: baa0ca9c5e172960275138b962aa041a929d21d4
SHA-256: 4f2c11d8ed0dc3bb7ceea98837df2c6dda43c4e7b9805bf124adcea33990e8d5

Risk Score: 76

Malware Insights

The PDF file contains embedded and obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged the file for an obfuscated name object (Heuristics.PDF.ObfuscatedNameObject). The presence of JavaScript strongly suggests an attempt to execute malicious code, likely to download and run a secondary payload.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.