Malicious PDF — malware analysis report

Static analysis result for SHA-256 5a13e4631fffc735…

MALICIOUS

PDF

19.0 KB. Created: (unreadable; the metadata value is garbled bytes). Authoring application: (unreadable; the metadata value is garbled bytes).
MD5: 7fde7ecf922bcf7b11965dfdeb679a7a SHA-1: 310b2d029098e1c79d2d33369ae029ba86e91ad5 SHA-256: 5a13e4631fffc7357c7ae70c63ab2864f341c6c1f47c59dc8c69337c22370b90
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF contains a remote GoTo action, indicating an attempt to redirect the user to an external resource. The document body is heavily obfuscated and unreadable, preventing a more detailed analysis of its specific lure. The ClamAV heuristic for obfuscated objects further supports the malicious nature of the file.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Remote GoTo action [medium, PDF_GOTO_REMOTE]
    The PDF references a remote or embedded document via GoToR/GoToE with an extension-less or unresolved target.
  • Embedded file [low, PDF_EMBEDDED]
    The PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • Encrypted PDF (string and stream contents are opaque to static scan) [info, PDF_ENCRYPTED]
    The PDF declares /Encrypt: string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.