PDF malware analysis — malicious · 85d6c50242ddd31f

MALICIOUS

PDF

7.3 KB Created: 2010-09-16 18:52:20 Authoring application: Qabifagevafa (via 91930Tiqotezozav)

MD5: 6dc8cbf399d1a8d03dc8b2cc2af799e7 SHA-1: 854fdfa39ec73ba54e18d14578321c0d2209810e SHA-256: 85d6c50242ddd31f3d904e534a9c00532b6d7e6ec9cb494a023d585d2bbc64ae

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment

The PDF file was detected as malicious by ClamAV due to obfuscated JavaScript content. The presence of embedded JavaScript streams and actions indicates an attempt to execute code upon opening the document. The exact intent of the script is unclear due to obfuscation, but it is likely designed to download and execute a secondary payload.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1364	2324 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.