PDF malware analysis — malicious · cba7d3ebffe65941

MALICIOUS

PDF

5.4 KB

MD5: 60f027e6c9a3025a7755e4f07cb80b20 SHA-1: 5890c1f288034f0a7a22b258101da9dbd4b8d5c9 SHA-256: cba7d3ebffe659414c5c64ae802c5f2105b99fefb02ed965b63c70bf2c83f9be

104 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

This PDF file contains embedded JavaScript and utilizes obfuscated filters (ASCIIHexDecode, ASCII85Decode) which are common techniques for delivering malicious payloads. The ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' further indicates malicious intent. The primary attack pattern involves exploiting PDF vulnerabilities to execute arbitrary code, likely leading to a second-stage download.

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.