PDF malware analysis — malicious · c4bf614cca817b30

MALICIOUS

PDF

5.1 KB

MD5: 93ca54861bcb1b7419c4fd54ac40a1a8 SHA-1: 9f4d84f7ea3501187e12dc303e9ebe07e65dc23d SHA-256: c4bf614cca817b3027fea363228f1fc2fd6970ada8b6100204e825ca6d7ba8a7

84 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains multiple indicators of malicious activity, including embedded JavaScript, a RichMedia (Flash) object, and the use of ASCIIHexDecode filters, which are often used to obfuscate malicious content. The embedded JavaScript appears to be obfuscated and attempts to evaluate a string that includes 'QqsaautzYsQ.swf', suggesting it may be designed to download and execute a Flash-based payload. The reconstructed JavaScript string is included as an IOC.

Heuristics 5

RichMedia (Flash) high PDF_RICHMEDIA

PDF contains /RichMedia (Adobe Flash) which is a historic exploit vector
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.