MALICIOUS
76
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1566.001 Spearphishing Attachment
T1027 Obfuscated Files or Information
The PDF file exhibits multiple JavaScript-related heuristic firings, including obfuscated content, indicating malicious intent. The presence of embedded JavaScript streams, particularly a large one (javascript_obj0095_003.js), suggests the execution of code to download and run further malicious components. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious nature of the file.
Heuristics 3
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
JavaScript action low PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0092_000.jsbebe294d5cd5b45bf87c4265051d43b3404106a807be0b53017aa46c3f3fd3c8 |
pdf-javascript-stream | PDF /JS object 92 at offset 0xF58E | 165 bytes |
javascript_obj0093_001.jsdf96b7db9a473d84f9a20a99c48f333f2726d0d81575f6a0884312595943ed43 |
pdf-javascript-stream | PDF /JS object 93 at offset 0xF65C | 153 bytes |
javascript_obj0094_002.js91a9b866f71c2056c0539329ec02205a6971cd43c508dd936b99414b17f2db5e |
pdf-javascript-stream | PDF /JS object 94 at offset 0xF72D | 244 bytes |
javascript_obj0095_003.jse7017e94912d8d12cd6bec0e2e2bb1817fe648b50ed531363e6b3e46700f899d |
pdf-javascript-stream | PDF /JS object 95 at offset 0xF82B | 23901 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.