PDF malware analysis — malicious · 0e6a3d50e9f0c661

MALICIOUS

PDF

69.6 KB

MD5: b72e79844ffaabfa51d373ef17957a2b SHA-1: c623c8085488ce3cb1ba65c283bc9e13cf4c6632 SHA-256: 0e6a3d50e9f0c661cab77c413dbcb714bf60aeff1aff7c01f9d88a35949674a6

108 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The PDF file contains embedded JavaScript, identified by multiple heuristics, which is designed to exploit vulnerabilities and download further malicious content. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded JavaScript likely attempts to download and execute a second-stage payload from the URL http://www.bitstream.com.

Machine Learning

Nyx PDF Classifier malicious score 0.9926

Heuristics 4

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.bitstream.com

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0012_000.js` `c6aa4a8254360508d30c6baf13524d364ee87fa55a4d77f3da0145439968791a`	pdf-javascript-stream	PDF /JS object 12 at offset 0x10610	3702 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.