PDF malware analysis — malicious · 53b5689b437d6d49

MALICIOUS

PDF

1.4 KB

MD5: 9626d9e2dd2fed562e853c94dcf92060 SHA-1: 0dbda1d517c7948ce6478b37f0f415f6fdbaf459 SHA-256: 53b5689b437d6d49fbc202d1f73d9adb7a8d46c2e0d9b1334c9524dcae3e934d

84 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript with an eval() call, indicating an attempt to execute arbitrary code. The JavaScript stream also references a file named 'VFnPQmbNQQIdQJV.swf', which is likely a secondary payload. The presence of ASCIIHexDecode filter with exploit indicators further supports malicious intent. The primary attack pattern is code execution via embedded JavaScript.

Heuristics 5

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.