Malicious PDF — malware analysis report

Static analysis result for SHA-256 ac7c466ef640a306…

Verdict: MALICIOUS
File type: PDF
Size: 7.3 KB
Authoring application: Tooqimeqipigafara (via e0b21Renizaxizo)
MD5: 6a652c3226b5be142e6762629036c96c
SHA-1: 5050dbd8f6fc7a6c79b948133ef2c6a2052b2a87
SHA-256: ac7c466ef640a30625443ed21c87bc45d7c8f62ea5e6d788fb61c452b82f98ed
Risk score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The file is a PDF containing embedded JavaScript, indicated by multiple heuristic firings including 'PDF_JAVASCRIPT' and 'PDF_JS'. The ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' further suggests malicious intent. The embedded JavaScript stream, though truncated in the provided evidence, is the primary mechanism for executing malicious code. Given the PDF format and the presence of executable script, the likely attack pattern is a phishing lure or exploit delivery.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0010_000.js
    SHA-256: b53e27bbdeba8c818850cc3826b3d643c06114ca0ccd161a827d53f8e26598c4
    Kind: pdf-javascript-stream
    Source: PDF /JS object 10 at offset 0x130D
    Size: 2214 bytes