PDF malware analysis — malicious · c620b209197dd127

MALICIOUS

PDF

6.5 KB Created: 2010-08-28 07:57:24 Authoring application: Sejegageiqesoy (via 53184Golbohoro sazi)

MD5: 3feba0f8eab4dceae3f2f08cbfe3d521 SHA-1: e0d42dc83b221515ce222d7254cf477ad0680be0 SHA-256: c620b209197dd1272f80c428104027bdb0717f3b18d91efac477ce3f47b939a5

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristic firings. The 'ClamAV: Heuristics.PDF.ObfuscatedNameObject' detection further suggests malicious obfuscation within the PDF structure. The embedded JavaScript is likely responsible for exploiting a vulnerability within the PDF reader to execute arbitrary code, leading to the malicious verdict. No specific family could be identified due to the generic nature of the findings.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `aac1b797b7f4df3946f776d0024554d1424521045e1cc32853762bfc85b57b27`	pdf-javascript-stream	PDF /JS object 10 at offset 0x118D	1781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.