Malicious PDF — malware analysis report

Static analysis result for SHA-256 fce510a93905e8ae…

Verdict: MALICIOUS
File type: PDF
Size: 291.4 KB
Created: 2017-03-08 09:02:48
Authoring application: Joomla! 1.5 - Open Source Content Management (via TCPDF 2.5.000_PHP4 (http://www.tcpdf.org))
MD5: 931a3c489f40755d0000cf46e7292c0f
SHA-1: 2b9aab6c32324e8e8eeba84ba1207d18605e9775
SHA-256: fce510a93905e8ae17ff34b151f33505e21f8b08f1b42b10795b90be5dcc45a3
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file was detected by ClamAV as Unix.Trojan.PhpBackdoor-9354530-2, indicating it contains a backdoor. A PDF heuristic firing for eval() suggests the presence of executable code within the document. The document body content is heavily obfuscated and unreadable, providing no direct clues about the lure or specific functionality beyond what the heuristics indicate.

Heuristics (2)

  • ClamAV: Unix.Trojan.PhpBackdoor-9354530-2 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Unix.Trojan.PhpBackdoor-9354530-2
  • eval() call [severity: high, rule: PDF_EVAL]
    eval() found — commonly used for obfuscated exploit execution

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_002_off0000b8c4.bin
SHA-256:  a5337ef1f5a0dfe4dc8fa6b4f3ef847a53624800b5928a0eeef5b888ceecaabc
Kind:     decompressed-pdf-stream
Source:   PDF FlateDecoded stream at offset 0xB8C4
Size:     264072 bytes