Malicious PDF — malware analysis report

Static analysis result for SHA-256 f797b2a8bb508225…

MALICIOUS

PDF

8.0 KB
MD5: 900eaca1281c8917812adde8b72f5afc
SHA-1: 92683f515cb817fddddedf9db7c383c2f1d078a9
SHA-256: f797b2a8bb508225a8aa13fe2fff8d752491c0e8f59762d1823f6a8fe4baaa7f
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded and obfuscated JavaScript, as indicated by multiple heuristic firings including ClamAV's detection of an obfuscated object. This JavaScript is likely responsible for executing a malicious payload, potentially involving the use of scripting languages like PowerShell or Visual Basic, although no specific script content was extracted. The primary attack vector appears to be leveraging PDF vulnerabilities to deliver malware.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.