Malicious PDF / .TMP — malware analysis report

Static analysis result for SHA-256 97419e6e6736e7b7…

MALICIOUS

PDF / .TMP

1.95 MB
MD5: 3c0855ff8a67b576f7fcf2f84c68b036
SHA-1: b2bf691591c8fa2f78d68ad712b92694464d1b2a
SHA-256: 97419e6e6736e7b71203f04dd5bfb6efdb163c52e3ec202aca86b1becfa3f43c

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/Shell Script Execution: JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it with Heuristics.PDF.ObfuscatedNameObject, suggesting obfuscation techniques are in use. The presence of JavaScript points to an attempt to execute arbitrary code, likely for malicious purposes such as downloading further payloads.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.