PDF malware analysis — malicious · 0e77b011e127f80c

MALICIOUS

PDF

10.8 KB

MD5: d6208f794b3f514a689a5e2d9e3069f9 SHA-1: 5a89066a4512a229c1333a670aa4a60a0ffff7fc SHA-256: 0e77b011e127f80cd1701837f4117e0d3e17452b64f633718a7d484bedd17cf3

108 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The sample is a PDF file flagged as malicious by multiple heuristics and an ML classifier. It contains embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader to execute arbitrary code. The presence of JavaScript actions and streams strongly suggests an attack pattern involving malicious scripting. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious nature of the file.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Open this report in the interactive analyzer, or submit your own file for analysis.