Malicious PDF — malware analysis report

Static analysis result for SHA-256 09f61c1711fbd460…

MALICIOUS

PDF

Size: 22.4 KB
Created: 2009-04-24 09:54:29 +02:00
Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
MD5: b4fc9bf9265d5efa5eaea1e6a4952445
SHA-1: d82d2a5474bbbd00a93392a1ac82994a591bb08b
SHA-256: 09f61c1711fbd4603e899718bbfe45122227a4c2ce6182eb0cd1a304f3b20e3f
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

This PDF file was flagged by multiple heuristics, including ML classification and ClamAV, indicating malicious content. The presence of embedded JavaScript, flagged by the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristics, suggests an attempt to execute code. The JavaScript appears obfuscated; its likely intent is to exploit a PDF viewer vulnerability and download a secondary payload, as indicated by the 'ML_NYX_PDF_MALICIOUS' and 'CLAMAV_DETECTION' firings. The document body contains obfuscated JavaScript that attempts to reconstruct strings at runtime, a pattern consistent with malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9966

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.