PDF / .TMP malware analysis — malicious · 58312c189a41dd24

MALICIOUS

PDF / .TMP

1.95 MB

MD5: 9bb8afe9041261651bdabc85f5495376 SHA-1: 1ed0983048e9f59c887da505b7a8e0ff0e549515 SHA-256: 58312c189a41dd24d1a2b6dd102ab12e1eff13334520d9370a271e734fe5c8cf

104 Risk Score

Malware Insights

MITRE ATT&CK

T1027 Obfuscated Files or Information

The PDF file contains embedded JavaScript and utilizes obfuscated filters (ASCIIHexDecode, ASCII85Decode) which are indicative of malicious intent. ClamAV also flagged this file due to obfuscated naming objects. The combination of these factors suggests the PDF is designed to execute malicious code, likely to download and run a secondary payload.

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.