Malicious PDF — malware analysis report

Static analysis result for SHA-256 bd105d2c5d9e5b44…

Verdict: MALICIOUS

File type: PDF

Size: 6.7 KB
Created: 2010-09-01 09:19:50
Authoring application: Coqilzd (via f292bVezipovade)

MD5: 75a8c11ed74b8700e30ba01b2819cfeb
SHA-1: 5043901ceda701cefb51b02d9c98447fb83f1e1f
SHA-256: bd105d2c5d9e5b448e4a9df8757a307e35233481b2b97818db616dc73b0990b6

Risk Score: 76

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The CLAMAV_DETECTION heuristic further confirms its malicious nature. The embedded JavaScript stream is the primary indicator of malicious activity, likely serving as a downloader for a second-stage payload. Due to the obfuscated nature of the document body and lack of specific script content, the exact payload and delivery mechanism cannot be definitively determined, leading to an 'unknown family' classification.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0011_000.js
    SHA-256: 079179f2b5d2111982b6d25d3e16180f95f8876fd2c529b41f4158f5012771c5
    Kind: pdf-javascript-stream
    Source: PDF /JS object 11 at offset 0x121D
    Size: 1942 bytes