PDF malware analysis — malicious · d21ebd3b08f01026

MALICIOUS

PDF

6.5 KB Created: 2010-08-28 07:57:24 Authoring application: Sejegageiqesoy (via 9fc89Golbohoro sazi)

MD5: b81ba870de795e5554b0a8392f5ccd7e SHA-1: 5edc33fa99affc626ff780b3057f707adf7fd76d SHA-256: d21ebd3b08f010269c9b01cca28fe31701625a5c4d699c9b20ee973e0f12fc98

76 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ClamAV detection Heuristics.PDF.ObfuscatedNameObject further suggests malicious intent. The embedded JavaScript is likely designed to exploit a vulnerability within the PDF reader to execute arbitrary code, potentially downloading a second-stage payload. The document body is heavily obfuscated and unreadable, providing no direct clues to the lure.

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `aac1b797b7f4df3946f776d0024554d1424521045e1cc32853762bfc85b57b27`	pdf-javascript-stream	PDF /JS object 10 at offset 0x118D	1781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.