Malicious PDF — malware analysis report

Static analysis result for SHA-256 b98ac85043ea8050…

Verdict: MALICIOUS
File type: PDF
Size: 7.3 KB
Created: 2010-09-16 18:52:20
Authoring application: Qabifagevafa (via 566dcTiqotezozav)
MD5: ff189261914eb7c0c56665133c5fc753
SHA-1: c3c4e697c461e9f9cc58283035f903a2c544b3ab
SHA-256: b98ac85043ea805047c10be84f082e071d2ab305893906db926a0f64ada13e89
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The file is a PDF document that ClamAV flags as malicious because of obfuscated JavaScript content. The embedded JavaScript action and stream indicate an attempt to execute code when the document is opened. The primary attack pattern is to use these embedded scripts to deliver a malicious payload, most likely via a spearphishing attachment. The exact nature of the payload cannot be determined from the available evidence.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x1364
Size: 2324 bytes