PDF malware analysis — malicious · 7f2c55d0ce34bdef

MALICIOUS

PDF

34.0 KB

MD5: c4f3cfe4195469956f7f1f983aefbaaf SHA-1: 06cdc4c6658c1cae94d4147af0f3f74625514e34 SHA-256: 7f2c55d0ce34bdefd721b1d4bfb8ea77d558a73e7869527b185ef8e3b1451442

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file contains embedded and obfuscated JavaScript, as indicated by multiple heuristic firings including ClamAV's detection of Heuristics.PDF.ObfuscatedNameObject. The presence of JavaScript suggests an attempt to execute malicious code, likely for downloading and executing a second-stage payload. Without further analysis of the obfuscated script, the exact functionality remains unclear.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.