PDF malware analysis — malicious · e1349e3f0554694c

MALICIOUS

PDF

3.7 KB

MD5: 06856be40c840b7f71764f7b6414385c SHA-1: bf1f2127ce1e80b8cb9ad180648331553034a25f SHA-256: e1349e3f0554694c0e66a8e41a6c39bef485bdca0808e172a553d2f0e31ab88f

84 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file contains embedded JavaScript with an eval() call, indicating an attempt to execute arbitrary code. The presence of ASCIIHexDecode filter with exploit indicators further suggests a vulnerability is being leveraged. The script's purpose is likely to download and execute a second-stage payload, though the exact mechanism is obfuscated.

Heuristics 5

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.