Malicious PDF — malware analysis report

Static analysis result for SHA-256 559739c280de9baf…

MALICIOUS

PDF

6.2 KB
MD5: 50b72d74a442831923b825976b481f6a
SHA-1: 1f7184d681059d8b66b235e7dee10dede70a26b0
SHA-256: 559739c280de9bafe492a748c7f2c015e15abc399e22d78c05ba3e9f001455a6
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript

The PDF contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. ClamAV also flagged the file as malicious due to obfuscated objects. The embedded JavaScript is likely responsible for executing a secondary payload, though its specific actions are not detailed in the provided evidence.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low; rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.