Malicious PDF — malware analysis report

Static analysis result for SHA-256 e01d2ad63ea7fef1…

Verdict: MALICIOUS
File type: PDF
File size: 11.3 KB
MD5: 9f7a0d9b058e064c25b490c2f4c66597
SHA-1: 483485194ac01bdc7253e70525745df26c04548b
SHA-256: e01d2ad63ea7fef1cb541ae96af52b3b98b54419c1a5048cf888f491d6409cd3
Risk Score: 76

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1566.002 Spearphishing Attachment

The PDF file triggered multiple JavaScript-related heuristics, including one for obfuscated content. The ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' further suggests malicious intent through code obfuscation. Although no specific URLs or scripts could be extracted in readable form, the presence of embedded JavaScript actions strongly indicates that the file's purpose is to execute code, likely to download a secondary payload. The lack of readable document body text and scripts limits a more precise assessment.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.