Malicious PDF — malware analysis report

Static analysis result for SHA-256 d2da65631172acac…

Verdict: MALICIOUS
File type: PDF
File size: 1.8 KB
MD5: 89468633ab4579d8594d041a25188631
SHA-1: 6e9841b11a941aeb1c8cfea0f0e74bf902c1dbb9
SHA-256: d2da65631172acace6d5093acef1af5e3b3a7ff122ebee9c375363acbb542488
Risk score: 76

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF file contains embedded JavaScript that calls util.printf, the API targeted by CVE-2008-2992. This indicates an attempt to exploit a known Adobe Reader flaw to execute arbitrary code; the embedded JavaScript is likely responsible for delivering the malicious payload.

Heuristics (3)

  • util.printf — CVE-2008-2992 (severity: critical; match: CVE exact; rule: CVE_2008_2992)
    PDF JavaScript calls util.printf(). CVE-2008-2992 is a stack buffer overflow in Adobe Reader triggered by a long format-specifier argument. Widely exploited in the wild after disclosure.
  • JavaScript action (severity: low; rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0006_000.js
Hash: 977584a75d48146e82c0e87e3a50f00b824ca9f973d613f1bd8650d6e5e55272
Kind: pdf-javascript-stream
Source: PDF /JS object 6 at offset 0x138
Size: 1291 bytes