PDF malware analysis — malicious · f5a1ab570d26dbfb

MALICIOUS

PDF

3.5 KB

MD5: 5456ff8d078b032039372b1503e5c463 SHA-1: b1ab1f8911837c7cc864ec2644bc98bb930cc346 SHA-256: f5a1ab570d26dbfb170ca42829cee439668d54c55438d4aaf491e2f410023346

104 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/Shell Scripting: JavaScript T1566.002 Phishing: Spearphishing Attachment T1027 Obfuscated Files or Information: Obfuscated Files

The PDF file contains embedded JavaScript and utilizes ASCIIHexDecode and ASCII85Decode filters, indicating obfuscation and potential exploit delivery. ClamAV also flagged it as Heuristics.PDF.ObfuscatedNameObject. The presence of JavaScript actions and streams strongly suggests an attempt to execute malicious code, likely to download and run a secondary payload.

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.