Malicious PDF — malware analysis report

Static analysis result for SHA-256 f49595f3946a1693…

Verdict: MALICIOUS

File type: PDF

Size: 3.5 KB

MD5: 14e413a1c064d13e27c3acad4e3daed9
SHA-1: 3bc2ef01f2e4d2df930eda4fb4d24994ee59259d
SHA-256: f49595f3946a1693dadf9ec9c4bdf9abd0eca35054e3f6c310aa7b9d5d47c6a3

Risk Score: 76

Malware Insights

MITRE ATT&CK: T1059.001 (PowerShell)

The PDF file was flagged by ClamAV with 'Heuristics.PDF.ObfuscatedNameObject', a heuristic for obfuscated name objects, a technique commonly used to hide malicious content from signature-based scanners. Static analysis also detected an embedded JavaScript action and a JavaScript stream within the PDF. While the document body is unreadable, the combination of name-object obfuscation and embedded JavaScript strongly suggests an attempt to execute malicious code, most likely to download and run a second-stage payload or to exploit a PDF reader vulnerability. What the script actually does on execution could not be determined statically because of the obfuscation.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical; rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low; rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.