Malicious PDF — malware analysis report

Static analysis result for SHA-256 8aa73487bbd8eaa5…

MALICIOUS

PDF

1.95 MB
MD5: 44d3cc832154741ca405210db9f0e96c
SHA-1: 8807ab0547d1c1b526e66d0285757e58c3b060d2
SHA-256: 8aa73487bbd8eaa5742af0db846c14cd4559c55fd10a9184b56a853b37fd56b0
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The PDF file contains obfuscated JavaScript, as indicated by multiple heuristic hits, including ClamAV's detection of an obfuscated name object. The exact malicious action of the JavaScript could not be determined because of the obfuscation, but its presence strongly suggests an attempt to execute malicious code. No specific IOCs were extracted.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action | low | PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream | low | PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.