PDF malware analysis — malicious · 8aceb1da22f5bd79

MALICIOUS

PDF

6.7 KB Created: 2010-09-01 09:19:50 Authoring application: Coqilzd (via 30339Vezipovade)

MD5: 907a830c47c2c8685429509c72c5527e SHA-1: 2e96665faa0d4dc9a234f91709b7fb4e60852cb1 SHA-256: 8aceb1da22f5bd79e05c7f9cb4eefb05dc885a704e84e653350ee108e5cb9c82

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. This JavaScript is likely used to exploit a vulnerability within the PDF reader, leading to the execution of malicious code. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious nature of the file. The SHA256 hash is provided as a primary IOC.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `079179f2b5d2111982b6d25d3e16180f95f8876fd2c529b41f4158f5012771c5`	pdf-javascript-stream	PDF /JS object 11 at offset 0x121D	1942 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.