PDF malware analysis — malicious · eadc9b9f070dedd0

MALICIOUS

PDF

1.4 KB

MD5: 604baf11386e8c96206caea56ccaa015 SHA-1: e028b390da8a663edeccf6b5c077b24bc778823e SHA-256: eadc9b9f070dedd0d8d31cf66f63af3682d4b8f3fa611d583747a0ac846aef73

84 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. The presence of PDF_UNESCAPE and PDF_FILTER_HEX with exploit indicators suggests an attempt to obfuscate and execute malicious code. The JavaScript likely uses the unescape function to decode and execute a payload, potentially downloading further malware. The document body contains fragments that appear to be related to JavaScript execution.

Heuristics 5

unescape() call high PDF_UNESCAPE

unescape() found — often used to decode shellcode in PDF JS exploits
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.