Malicious PDF — malware analysis report

Static analysis result for SHA-256 ad6de36ab543f1dc…

Verdict: MALICIOUS
File type: PDF
Size: 5.4 KB
MD5: 70b28585d70081683c07454e48fdfbae
SHA-1: c1b37bf4c1868d5c33aa32b5477835fa99e478bb
SHA-256: ad6de36ab543f1dcfd425493b036e1f05a83ae23d49d0200322c220cc291e47a
Risk Score: 104

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The PDF file contains obfuscated JavaScript, indicated by multiple heuristic firings for PDF JavaScript actions and for encoding filters (ASCIIHexDecode, ASCII85Decode) appearing alongside exploit delivery indicators. ClamAV also flagged the file with the signature Heuristics.PDF.ObfuscatedNameObject. JavaScript embedded in a PDF in this way is consistent with an attempt to download and execute a secondary payload, a common technique for initial access.

Heuristics (5)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • ASCIIHexDecode filter (with exploit indicators) (medium, PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) (low, PDF_FILTER_85)
    ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation