PDF malware analysis — malicious · 90be05b721548d57

MALICIOUS

PDF

5.4 KB

MD5: 38ec7c5386d0c0c2db37be4d0744bd5d SHA-1: 8cf32472af6b5e6a6e5911e64d31a79b9188fd4c SHA-256: 90be05b721548d5762205fb3cf0ad0a76f11c9f9983c8c3fd064d81260cb80a9

104 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1027 Obfuscated Files or Information

This PDF file contains embedded JavaScript and utilizes obfuscated filters (ASCIIHexDecode and ASCII85Decode) which are commonly used to hide malicious code. The presence of JavaScript actions and streams, combined with ClamAV's detection of an obfuscated name object, strongly indicates that this file is designed to execute a secondary payload. The exact nature of the payload is not discernible from the provided evidence, but the techniques used are typical for PDF-based malware delivery.

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.