Malicious PDF / .HTM — malware analysis report

Static analysis result for SHA-256 b1631ba8ccc4a997…

MALICIOUS

PDF / .HTM

5.8 KB
MD5: 474678f26456f5516a8eb5e0519a6806
SHA-1: 74f940f6703a768c2de00c251c3f7c45658937d6
SHA-256: b1631ba8ccc4a997b1ccb321dec02afcefe5e84432d4ee498c1d6f4ba0b9f353

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/Shell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject. The JavaScript is likely obfuscated and intended to execute malicious code, although the specific payload could not be determined from the provided evidence. The DOC BODY content was unreadable.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.