PDF malware analysis — malicious · e1a2bde4d89a9f10

MALICIOUS

PDF

10.9 KB

MD5: 500c584b5fd5c96dc2dbb38834017459 SHA-1: dc8fa6395b8f8187c4aa562846bfea66b254c954 SHA-256: e1a2bde4d89a9f10467e9a886c9450d4d50869de8462546bacbc751ee23ca629

78 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF file contains embedded and obfuscated JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. ClamAV also flagged it with 'Heuristics.PDF.ObfuscatedNameObject'. While the exact script functionality is obscured, such embedded JavaScript in PDFs commonly serves to download and execute further malicious content. The lack of a document body makes it difficult to determine a specific lure, but the technical indicators point to a downloader or dropper.

Heuristics 4

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Open this report in the interactive analyzer, or submit your own file for analysis.