Malicious PDF — malware analysis report

Static analysis result for SHA-256 955f4e601a94959e…

MALICIOUS

PDF

4.0 KB Authoring application: sli
MD5: 8931583df190df727ee832cb6bb80bdc SHA-1: 0ac9cc47c8539e5aea9ba5d36a8e4798f93a47f3 SHA-256: 955f4e601a94959e3cbad2ba251033e9810507983d838e4c221f74682ccafe6d
76 Risk Score

Malware Insights

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The CLAMAV_DETECTION heuristic further confirms its malicious nature, identifying it as Pdf.Exploit.Dropped-91. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to execute malicious code, potentially downloading and running a second-stage payload.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-91 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-91
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.