Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d83b4443678e385…

MALICIOUS

PDF

302.0 KB
Created: 2013-10-11 15:36:51 +02:00
Authoring application: Microsoft® Office PowerPoint® 2007
First seen: 2021-09-16
MD5: 9c55d9c8d464cb90b2e48f5fa7c24819
SHA-1: 98d69bb9ba353749b5ae3fd1c740717df6f0c7e5
SHA-256: 8d83b4443678e3857e86ae68777bcf2dd1e0c34ec880be7e1ae8dd2bc47429f5
100 Risk Score

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.007 JavaScript

A heuristic fired on an 'eval()' call in the PDF file, indicating the execution of arbitrary code. ClamAV detects the file as 'Unix.Trojan.PhpBackdoor-9354530-2'. The document body is heavily obfuscated and truncated, which prevents a clear understanding of its specific lure, but the combination of PDF exploitation and backdoor detection strongly suggests malicious intent to compromise the system.

Machine Learning

  • Nyx PDF Classifier clean score 0.0181

Heuristics 2

  • ClamAV: Unix.Trojan.PhpBackdoor-9354530-2 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Unix.Trojan.PhpBackdoor-9354530-2
  • eval() call high PDF_EVAL
    eval() found — commonly used for obfuscated exploit execution