Malicious PDF — malware analysis report

Static analysis result for SHA-256 56d5dcaf9b9d90c5…

Verdict: MALICIOUS
File type: PDF
Size: 69.8 KB
MD5: 5c5de92d6f98fb7e4e3f4d963a627b33
SHA-1: 706714437145b404b482a1b0d1dcecef5d15d9ff
SHA-256: 56d5dcaf9b9d90c5aa50fb8e416f4aed9776f476b1439d85460d0972b3bb1a10
Risk score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics, and ClamAV additionally flags the file as malicious. The embedded JavaScript stream is the most likely vehicle for executing malicious code or downloading further payloads. The presence of an embedded URL suggests a potential delivery or command-and-control channel, although the URL itself is not a detection.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low] (PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] (PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.bitstream.com

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0012_000.js
    SHA-256: e87794335bb73348745e23b86c324734f5816a469b614abb5c7964c7f447580b
    Kind: pdf-javascript-stream
    Source: PDF /JS object 12 at offset 0x105F8
    Size: 3799 bytes