PDF malware analysis — malicious · a250f23255744ef4

MALICIOUS

PDF

6.5 KB Created: 2010-08-28 07:57:24 Authoring application: Sejegageiqesoy (via f68d0Golbohoro sazi)

MD5: aa78c4476992fb00d0b273a233b5e3f5 SHA-1: 2ba6f9e4f19ff9f7e94294117fa8b0951ba34c84 SHA-256: a250f23255744ef40df458d51708db7f61daec09d3590b3d70b3c29011e89289

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF containing obfuscated JavaScript, as indicated by the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristics, and a critical ClamAV detection for 'Heuristics.PDF.ObfuscatedNameObject'. The embedded JavaScript is likely designed to exploit a vulnerability within the PDF viewer to download and execute a secondary payload. The exact nature of the exploit and payload cannot be determined due to obfuscation, leading to a lower confidence score and an unknown family attribution.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `aac1b797b7f4df3946f776d0024554d1424521045e1cc32853762bfc85b57b27`	pdf-javascript-stream	PDF /JS object 10 at offset 0x118D	1781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.