PDF malware analysis — malicious · 83ab61c7f6d13295

MALICIOUS

PDF

12.3 KB

MD5: 4102458d46fa80b725d488aaa36e3431 SHA-1: 017bfad9a058cb2f800b461620b96171aa8dbd1a SHA-256: 83ab61c7f6d132953d3f37ade1f1c8665c4df684112d6041dbb983847864f7e8

78 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file contains obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it with Heuristics.PDF.ObfuscatedNameObject, suggesting a deliberate attempt to hide malicious content. The embedded JavaScript is likely responsible for executing the malicious payload, though its exact function cannot be determined without further analysis. The differential parser failure also points to an intentionally malformed structure.

Heuristics 4

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Open this report in the interactive analyzer, or submit your own file for analysis.