Malicious PDF — malware analysis report

Static analysis result for SHA-256 981f7aa8553b5617…

MALICIOUS

PDF

Size: 7.3 KB
Created: 2010-09-16 18:52:20
Authoring application: Qabifagevafa (via 86921Tiqotezozav)
MD5: 7a5946ebe60e59613ab7b42f97d99747
SHA-1: dc018fdb7e22e71d4757b94fe1ac5b8e4327d60a
SHA-256: 981f7aa8553b5617792da7cd1b1635767dcd40c0e41173da6a47866c57fba3ed
Risk Score: 76

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The PDF file exhibits characteristics of malicious intent, specifically through the presence of embedded and obfuscated JavaScript. The ClamAV heuristic 'Heuristics.PDF.ObfuscatedNameObject' strongly suggests malicious code execution is intended. The embedded JavaScript stream, 'javascript_obj0011_000.js', is the primary mechanism for this execution, likely serving to download and run a secondary payload.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0011_000.js
    SHA-256: ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386
    Kind: pdf-javascript-stream
    Source: PDF /JS object 11 at offset 0x1364
    Size: 2324 bytes