Malicious PDF — malware analysis report

Static analysis result for SHA-256 84e93a4006b17506…

Verdict: MALICIOUS
File type: PDF
Size: 5.5 KB
MD5: 3dc320c0c26327e3523e0e16eea88122
SHA-1: 7c24e366452815b63758f175416b4fc98df01b44
SHA-256: 84e93a4006b175061fc69420d8be4eafa38a9c696c17d4e3a62890a07c8448f9
Risk Score: 104

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing with Malicious Attachment

The PDF file contains obfuscated JavaScript, as indicated by several heuristics that fired on PDF JavaScript and stream filters. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject. The JavaScript actions and embedded JS streams suggest an attempt to execute malicious code, likely to download and run a second-stage payload.

Heuristics (5)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • ASCIIHexDecode filter (with exploit indicators) (severity: medium, rule: PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) (severity: low, rule: PDF_FILTER_85)
    ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation