PDF malware analysis — malicious · 76e47f893dce095f

MALICIOUS

PDF

7.5 KB Authoring application: Jgaxivakafowizasi (via 3bf39Uohosicilab)

MD5: 4ca555945b5fadc2c5ca673ac2fc20c0 SHA-1: a3ea7d8d2364a69f0203330d41f0f6c4b1c0f160 SHA-256: 76e47f893dce095f10da7c4387c99b7bdad5f176bccb30e508a5aa35e3103700

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The PDF contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection for 'Heuristics.PDF.ObfuscatedNameObject' further suggests malicious intent. While the document body is unreadable, the presence of JavaScript points to an attempt to execute malicious code, likely for exploitation or payload delivery. No specific IOCs were extracted from the readable parts of the evidence.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `c35f939b8b08b4458e4f2307d4bfd0afc23546c955e11c1da88e87302e40c9b0`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1358	3029 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.