PDF malware analysis — malicious · 902c4798319dc32f

MALICIOUS

PDF

108.3 KB

MD5: 61088dd1f2ec8a3cc74a572f5b81fb3a SHA-1: 4321ddef775965b609d816336517cafd98bd4700 SHA-256: 902c4798319dc32f528335d7c6073cf4fb4ab30a853eb60b6560b460bf6620be

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript

The PDF file was detected as malicious by ClamAV with a critical heuristic for obfuscated objects. Static analysis revealed embedded JavaScript, indicating an attempt to execute code. The JavaScript stream is likely responsible for the malicious behavior, potentially downloading or executing a secondary payload, though its exact function is obscured by obfuscation.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0006_000.js` `d5a5f76b94860cb7f126f15c420092e4908d7ddad92e8ab0d25458f04825f07e`	pdf-javascript-stream	PDF /JS object 6 at offset 0x18B	6603 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.