PDF malware analysis — malicious · 0aaa823a81b23256

MALICIOUS

PDF

7.8 KB Created: 2010-10-05 19:18:00 Authoring application: Pafitisbotticxixoua (via c5a47Jehabactasga)

MD5: 57b3368b9726cd0aa8a399944e8b1153 SHA-1: b0f4bd5895549aeb470ad6215eaff17cee701c12 SHA-256: 0aaa823a81b23256452f9616e128d9b6046f9d8617955630eb1e0c62b5ac7967

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

This PDF file was flagged as malicious by multiple heuristics, including a high-severity ML classifier and ClamAV's Heuristics.PDF.ObfuscatedNameObject rule. It contains embedded JavaScript, which is commonly used to download and execute secondary payloads. The JavaScript code appears to be obfuscated, making a precise analysis of its actions difficult, but its presence strongly suggests an intent to compromise the user's system.

Machine Learning

Nyx PDF Classifier malicious score 0.9954

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `1d712bcf04655f0ea3df286010452910c0e6b45f83cc66ee3a790e43e4d30967`	pdf-javascript-stream	PDF /JS object 11 at offset 0x136A	3144 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.