Malicious PDF — malware analysis report

Static analysis result for SHA-256 548eb5794e2e205d…

MALICIOUS

PDF

148.7 KB
MD5: 89ccf0c4f485c40642cb8028d8beba31
SHA-1: 874be60ae11bca548f139b95fc59b20d46977bdd
SHA-256: 548eb5794e2e205d7baf2cdf03f13b3de96a2f3930c40b0c9efa22e618c89034

Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1204.002 Malicious Link: Malicious File

The PDF file contains a launch action that attempts to trigger an embedded exploit, as indicated by the PDF_LAUNCH heuristic. ClamAV also detected the file as malware due to obfuscated object names, suggesting a deliberate attempt to evade detection. The primary attack vector appears to be exploiting vulnerabilities within the PDF reader.

Heuristics (2)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Launch action (severity: high, rule: PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous