Malicious PDF — malware analysis report

Static analysis result for SHA-256 cb07eff14795e1f1…

Verdict: MALICIOUS
File type: PDF
Size: 24.5 KB
MD5: 577789f8a152010326958eb5468f65c5
SHA-1: e4e747517008ef632ad9fdf63a0750f610e379bf
SHA-256: cb07eff14795e1f192d5ee0e179eff20acd458ee45a3c37ec8d8a5daecef4cb3
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The PDF file contains embedded, obfuscated JavaScript, as indicated by the heuristics that fired. This JavaScript is likely responsible for executing the malicious payload. ClamAV also flagged the file for obfuscated objects, which further supports the malicious verdict.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low; rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.