Malicious PDF — malware analysis report

Static analysis result for SHA-256 53339fb829ea2b36…

MALICIOUS

PDF

11.2 KB
MD5: 72973db9a17d9aa6157316aad56a9fa9
SHA-1: 3bf7143e24d31f8a8caf30a9a8b6e82dd3fe6ef7
SHA-256: 53339fb829ea2b366395d9dba3199386d492418f2a9e4be020d6b6d6f4424a0d

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by ClamAV with 'Heuristics.PDF.ObfuscatedNameObject', indicating malicious obfuscation techniques. Heuristics also detected embedded JavaScript actions and streams. While no specific URLs or scripts were extracted, the presence of obfuscated JavaScript strongly suggests the PDF is designed to download and execute a second-stage payload. The confidence is moderate due to the lack of directly observable malicious code or network indicators.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.