Malicious PDF — malware analysis report

Static analysis result for SHA-256 836e3991df3dfd62…

MALICIOUS

PDF

45.2 KB
MD5: 18813bb3b9b25d51f4bcb5906f41018d SHA-1: 0a5a27609dd69b726ec05d2fca56aff7378c6d22 SHA-256: 836e3991df3dfd62988bcf945fa1e5ce8be3246d05a3862db83f281dc28b8552
84 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was flagged by ClamAV for obfuscated JavaScript, indicating a malicious intent to hide its functionality. The presence of JavaScript actions and embedded JS streams strongly suggests that the document is designed to download and execute a second-stage payload. The obfuscation makes it difficult to determine the exact nature of the payload or its destination without further dynamic analysis.

Heuristics 4

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic

Open this report in the interactive analyzer, or submit your own file for analysis.