Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4378a3c354ebb5f…

MALICIOUS

PDF

601 B
MD5: 9299ca064e48cc3970eec3088383f54c
SHA-1: 0d382beca60ad54bc5aaaa41925c25d117f46541
SHA-256: c4378a3c354ebb5f4a1b302ed87de281360244605d01ad00489683eca66af324

Risk Score: 76

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious File

The PDF file contains embedded JavaScript with an eval() call, indicating an attempt to execute arbitrary code. The use of an ASCIIHexDecode filter further suggests an exploit is present. The primary function appears to be the execution of JavaScript, likely to download and run a second-stage payload, which is a common technique for initial access.

Heuristics (4)

  • eval() call (severity: high, rule: PDF_EVAL)
    eval() found — commonly used for obfuscated exploit execution (matched inside decoded stream)
  • ASCIIHexDecode filter (with exploit indicators) (severity: medium, rule: PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.