PDF malware analysis — malicious · c5bd11e66aad8341

MALICIOUS

PDF

3.9 KB

MD5: c2c343602f60927e342656c10512b858 SHA-1: 56b5512261913bdd9cec74f54dc7f0967f449394 SHA-256: c5bd11e66aad8341d5f318952933de1bfa32939d15268d7fd599e337faa535eb

84 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File T1071.001 Web Protocols

The PDF file contains embedded JavaScript, indicated by PDF_JAVASCRIPT and PDF_JS heuristics. The script utilizes unescape() and ASCIIHexDecode, suggesting obfuscation and potential exploit activity. The reconstructed string 'sWOtACFjIAOLHt.swf' likely represents a malicious payload or a component thereof, which the script attempts to download or execute.

Heuristics 5

unescape() call high PDF_UNESCAPE

unescape() found — often used to decode shellcode in PDF JS exploits
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.