PDF malware analysis — malicious · ce90d47da2511806

MALICIOUS

PDF

6.7 KB Created: 2010-08-28 07:57:17 Authoring application: Rgipejotihaqomelevo (via b3ebfRinolatarhe)

MD5: 4f9c6f9d48a4ce7fd6ff02ed1831b2ca SHA-1: 69a69c18dacc637be9eb5787681d9d11c083a11e SHA-256: ce90d47da251180687ea09b745732a84a4b47c6f716e427b1be61fe298bf804d

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file exhibits characteristics of malicious intent due to the presence of obfuscated JavaScript within an embedded stream. The ClamAV heuristic 'Heuristics.PDF.ObfuscatedNameObject' further supports this assessment. The embedded JavaScript is likely designed to execute malicious code, potentially downloading further payloads or exploiting vulnerabilities, although its exact function is obscured by obfuscation. The confidence is moderate due to the lack of specific IOCs and the obfuscated nature of the script.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `a9555a2f0ea50961fc938575406c2e91665cf88b3a765259271915271ad077c8`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1213	1857 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.