Malicious PDF — malware analysis report

Static analysis result for SHA-256 7b6ea8f7b0af523b…

Verdict: MALICIOUS
File type: PDF
Size: 25.0 KB
MD5: c46317d4e0362a38e0e842d2ca0f9913
SHA-1: a630841a59c991330e755c27d598efcac59aa084
SHA-256: 7b6ea8f7b0af523b8ca41256d35a74e339e765323785f4191c02c7ec49f8ee2c
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings related to PDF and JavaScript. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject, suggesting malicious intent. The embedded JavaScript is likely used to download and execute a second-stage payload, a common technique for PDF-based malware delivery.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.