Malicious PDF — malware analysis report

Static analysis result for SHA-256 067b69d1adca3b0a…

MALICIOUS

PDF

639 B
MD5: e8c347fd98069722e50c1bff3a564a9e
SHA-1: 171413c3558a4d8ea2f30daef8507d08f67d2f1d
SHA-256: 067b69d1adca3b0ad4a1b6bef04e275fd8a141d574540f176e0fadc3384427c6
106 Risk Score

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics including ML and ClamAV. The JavaScript action is likely intended to execute malicious code upon opening the document, potentially leading to further compromise. The presence of JavaScript points to T1059.007, and the nature of PDF documents often implies T1566.001 as the initial access vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.