Malicious PDF — malware analysis report

Static analysis result for SHA-256 a11d3baeb575c6f1…

Verdict: MALICIOUS
File type: PDF
Size: 12.3 KB
Risk score: 78

MD5: 0ffc10062aa5d35737bfd9f6e4391b38
SHA-1: 71768847f70c8d279232cc7507d4ec8c3026beb7
SHA-256: a11d3baeb575c6f1ca18450e621bd5f9bb683a7ad00546f54ca26e803ece8479

Malware Insights

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject, suggesting malicious intent. The JavaScript is likely used to exploit vulnerabilities or download further malicious content, though the specific execution method is not detailed in the provided heuristics.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed (severity: info, rule: PDF_DIFFERENTIAL_PARSE_FAILED)
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.