Malicious PDF — malware analysis report

Static analysis result for SHA-256 f0845b79b9bbda8c…

Verdict: MALICIOUS
File type: PDF
File size: 3.5 KB
MD5: 462c4d7f89a1a40fe213f77ece0b5d80
SHA-1: ce458b059141e06f7829eec85a4ba82ee792b116
SHA-256: f0845b79b9bbda8c4d8d2d52cf1ee21fc7b1891c1be8913563d534460cab7a49
Risk Score: 104

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1566.002 Phishing: Spearphishing with Malicious Attachment
  • T1204.002 Malicious File Execution: Malicious File

This PDF file exhibits multiple indicators of malicious intent, including the presence of embedded JavaScript and the use of obfuscation filters like ASCIIHexDecode and ASCII85Decode. ClamAV also flagged it with a critical heuristic for obfuscated name objects. The combination of these factors strongly suggests the PDF is designed to execute malicious JavaScript, likely to download and run a secondary payload.

Heuristics (5)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • ASCIIHexDecode filter (with exploit indicators) (severity: medium, rule: PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) (severity: low, rule: PDF_FILTER_85)
    ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation