Malicious PDF / .TMP — malware analysis report

Static analysis result for SHA-256 b2e424b40d71bc7c…

MALICIOUS

PDF / .TMP

1.95 MB
MD5:     726bf64b35136f88d6d4c56ca7ff53b3
SHA-1:   3365f3a3b538f4f41639d728f01dbb2313d38520
SHA-256: b2e424b40d71bc7c2a780eaf249dec69d2d958d56faadbe1f6ba3878543e7393

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject, suggesting malicious intent. The embedded JavaScript is likely responsible for obfuscated actions within the document, potentially leading to further malicious activity. Due to the obfuscation and lack of specific script content, the exact payload and delivery mechanism remain unclear.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://ns.adobe.com/xap/1.0/
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://ns.adobe.com/photoshop/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
    • http://ns.adobe.com/xap/1.0/sType/ResourceRef#
    • http://ns.adobe.com/tiff/1.0/
    • http://ns.adobe.com/exif/1.0/
    • http://www.gettyimages.com
    • http://ns.adobe.com/xap/1.0/g/img/
    • http://ns.adobe.com/pdf/1.3/

Extracted artifacts (6)

Files carved from inside the sample during analysis. Each entry lists the carved filename, its SHA-256, the artifact kind, the source location inside the PDF, and the size.

  • font_00_cff_off000053e6.bin
    SHA-256: e8060237090a52fc41c5ee0e63c345da61249e0853a4ec14765e84957bee17f1
    Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x53E6   Size: 3172 bytes
  • font_01_cff_off00006dd0.bin
    SHA-256: f8b5810a1e93fb274adeb3675d04868574811c6d50ba42113f0840d3a87cec84
    Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x6DD0   Size: 2067 bytes
  • font_02_cff_off00007698.bin
    SHA-256: 0ad79096dd0887bb77e0fedf9311a4008cf8f32520a1a5ea929181b1ab578196
    Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x7698   Size: 4216 bytes
  • font_03_cff_off000084d7.bin
    SHA-256: 476918fb89568425344b889ba0d53fb420586b5e6a7c8c62f08284ef405c8eb2
    Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x84D7   Size: 927 bytes
  • font_04_cff_off00008899.bin
    SHA-256: 09e2265314c5c2c3f76a5752620564f13d611ad5a97f54011f0358567e6baec9
    Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x8899   Size: 520 bytes
  • font_05_cff_off00008bf7.bin
    SHA-256: 912a669701ce279a5c7ed622fe99f6788b79446e637921b9fc877ba469fd13a8
    Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x8BF7   Size: 2460 bytes