Malicious PDF — malware analysis report

Static analysis result for SHA-256 fa14bb7f9fa52568…

MALICIOUS

PDF

Size: 22.2 KB
Created: 2009-04-24 09:54:29 +02:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: 2014a3d4212c4a5baae9b2828957601e
SHA-1: d2b4b25b196689b514c4c19354a83143cc3e9d92
SHA-256: fa14bb7f9fa52568a7b02b96752c1bd3bf97f743587d1f548b6ff56d99b11b45
Risk Score: 76

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript, as indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The JavaScript is heavily obfuscated, so its exact function could not be determined by static analysis alone; however, the obfuscation together with the ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' (obfuscated PDF name objects, a technique used to hide action and stream keywords from signature scanners) strongly suggests malicious intent, most likely a downloader that fetches and executes a secondary payload. The document body contains metadata that appears to be remnants of the document creation process rather than user-facing content.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject — severity: critical — rule: CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action — severity: low — rule: PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream — severity: low — rule: PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.