Malicious PDF / .PHP — malware analysis report

Static analysis result for SHA-256 019f0233fa81ad93…

MALICIOUS

PDF / .PHP

11.0 KB
MD5: 845525b484063bf66ea6ac32bc0ec1f3
SHA-1: 5ae676611f7ac9e033c41061b7dfd55d8c1a2aa1
SHA-256: 019f0233fa81ad93400885a8b89ba16fffa23eb4e3c698ca8647ae4e9e1c4326
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 JavaScript/JScript
  • T1204.002 Malicious File

The PDF was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. Embedded JavaScript, identified as 'javascript_obj0087_000.js', is present and likely responsible for fetching and executing a secondary payload. The script's obfuscated nature and the presence of large arrays ('seCba5DLCFF', 'WWhd7') suggest complex execution logic, but its primary function appears to be payload delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-23596 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-23596
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0087_000.js
    SHA-256: 48e28f9cf5cb05e20576d3d8c5fee1889c0b9c11dda32fb02fb6ea4624bdc074
    Kind: pdf-javascript-stream
    Source: PDF /JS object 87 at offset 0x105
    Size: 27842 bytes