Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dad5909a44ecc1b…

Verdict: MALICIOUS
File type: PDF
File size: 3.5 KB
MD5: 7bb611620c7595549ac0a1ae5b53cbc2
SHA-1: d1e466e254979f1921155ad4fb76adfc7190d993
SHA-256: 9dad5909a44ecc1beee6f5a64e21d4005425e84e24ce85a5cc4496b0ff708ea8
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File: Malicious PDF
  • T1190 Exploit Public-Facing Application

The PDF sample exploits CVE-2009-4324 through a call to media.newPlayer in embedded JavaScript. The accompanying unescape() call further indicates obfuscation of the script's data. Although no specific payload or URL was extracted directly, exploitation of this vulnerability strongly suggests the PDF is designed to download and execute a secondary malicious component.

Heuristics (2)

  • media.newPlayer — CVE-2009-4324 (severity: critical; match: CVE exact; rule ID: CVE_2009_4324)
    PDF JavaScript calls media.newPlayer — CVE-2009-4324 is a use-after-free in Adobe Reader's multimedia plugin triggered by media.newPlayer(). Actively exploited as a zero-day in December 2009.
  • unescape() call (severity: high; rule ID: PDF_UNESCAPE)
    unescape() found — often used to decode shellcode in PDF JavaScript exploits.