Static analysis of a malicious PDF file with an embedded docm file

Adetomiwa
Feb 9, 2022

The malware sample used for this analysis was obtained from Tyler Hudak; please observe all necessary precautions when analysing malware samples.

Fig 1.0: pdfid & oledump outputs showing the streams in both files.

The demo for this analysis can be found on my YouTube channel.

The following details were extracted from the static analysis:

File 1 (important.pdf)

Filesize: 59386 bytes
Filetype: PDF
md5: 19FDFEAB268F27983286F7898636A902
sha1: C1F4FF79C027791D1EA0D6A61F2CC968E47D990C
sha256: 85ECAF38508EA1773317A356019EE8318BFCCF9191AFC6D24702B2A220BE1D86
Number of objects: 13
Object with Macro file: Object 3
Keywords:
- JavaScript: 12
- OpenAction: 12
- Embedded files: 3

Fig 2.0: Exeinfo PE screenshot

Fig 3.0: pdfid showing the objects in the PDF file

Fig 4.0: JavaScript code in Object 5
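As an added example (not code from the original post, nor from pdfid or oledump), the script below performs the same kind of triage that produced the findings above: it hashes the file, counts the objects, counts the pdfid keywords after undoing hex-escaped names (so an obfuscated name such as /J#61vaScript is still seen as /JavaScript), and records which object carries each keyword, which is how "Object with Macro file" and "JavaScript code in Object 5" are located. The minimal PDF, its object numbers, the embedded "doc.docm" and the helper names are all constructed for this illustration.

```python
import hashlib
import json
import re
import sys

# Hypothetical triage helper written to illustrate the findings above; it
# imitates pdfid's checks (keyword counts, object count) and adds the file
# hashes and a per-object attribution. It is not pdfid or oledump code.
KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
            b"/EmbeddedFile", b"/ObjStm", b"/AcroForm", b"/XFA")

_NAME = re.compile(rb"/[^\s/<>\[\]()]+")          # a PDF name token
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")  # #xx hex escape inside a name
_OBJECT = re.compile(rb"\b(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)

# Constructed sample: a minimal PDF whose OpenAction runs JavaScript (the name
# is hex-obfuscated as /J#61vaScript) and which embeds a file named doc.docm.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R
   /Names << /EmbeddedFiles << /Names [(doc.docm) 5 0 R] >> >> >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /J#61vaScript /JS (app.alert("hello");) >>
endobj
5 0 obj
<< /Type /Filespec /F (doc.docm) /EF << /F 6 0 R >> >>
endobj
6 0 obj
<< /Type /EmbeddedFile /Length 4 >>
stream
PK\x03\x04
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""


def normalize_names(data: bytes) -> bytes:
    """Undo #xx escapes inside name tokens (/J#61vaScript -> /JavaScript) so an
    obfuscated keyword is still counted, as pdfid does."""
    def fix(m):
        return _NAME_ESCAPE.sub(lambda e: bytes([int(e.group(1), 16)]), m.group(0))
    return _NAME.sub(fix, data)


def count_keyword(keyword: bytes, data: bytes) -> int:
    """Whole-name matches only: /EmbeddedFiles must not count as /EmbeddedFile."""
    return len(re.findall(re.escape(keyword) + rb"(?![A-Za-z0-9])", data))


def triage(data: bytes) -> dict:
    """Hashes, object count, keyword counts and a keyword-to-object map."""
    norm = normalize_names(data)
    report = {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "objects": 0,
        "keywords": {k.decode(): count_keyword(k, norm) for k in KEYWORDS},
        "by_object": {},
    }
    for m in _OBJECT.finditer(norm):
        report["objects"] += 1
        for k in KEYWORDS:
            if count_keyword(k, m.group(2)):
                report["by_object"].setdefault(k.decode(), []).append(int(m.group(1)))
    return report


if __name__ == "__main__":
    # Pass a path to triage a real file; with no argument the constructed sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    print(json.dumps(triage(blob), indent=2))
```

On the constructed sample the report attributes /OpenAction to object 1, /JavaScript and /JS to object 4 and /EmbeddedFile to object 6, which is the same object-level view the post's figures give for important.pdf. The counting is done on raw bytes, so keywords hidden inside compressed object streams (/ObjStm) are not seen; a non-zero /ObjStm count is the cue to decompress those streams (for example with pdf-parser) before trusting the other counts.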
