Malicious PDF — malware analysis report

Static analysis result for SHA-256 1427eb7b23dee879…

Verdict: MALICIOUS
File type: PDF
Size: 3.3 KB
First seen: 2021-05-04
MD5: 514cb83a58787982b06d2ea55788df61
SHA-1: 2ebb43a52f252a67557d6910b6d4fbc2aa89e458
SHA-256: 1427eb7b23dee87970741abe66b3853b721f4f65ebc8c1eaef85bb3745eda39c
Risk score: 86

Machine Learning

  • Nyx PDF Classifier: malicious (score 1.0000)

Heuristics (3 findings)

  • Annotation use-after-free exploitation pattern [severity: high] PDF_ANNOT_UAF_PATTERN
    The PDF's JavaScript combines an addAnnot() spray, a .destroy() free and a getAnnot() re-entry with a getter installed via Object.defineProperties (and/or an annotation named "uaf" and an Int32Array/ArrayBuffer info leak). This is the annotation use-after-free shape used by modern Adobe Reader UAF exploits. The rule fires on the API combination, which indicates memory corruption; the exact CVE depends on the Reader build the sample targets.
  • JavaScript action [severity: low] PDF_JAVASCRIPT (1 related finding)
    The PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low] PDF_JS
    The PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
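The three heuristics above are the kind of check a triage pipeline can reproduce offline. The following is an added example, not the scanner's own code and not the sample from this report: it pulls every script reachable from a /JS key (literal strings and FlateDecode streams) out of a PDF and applies the three rules. The rule identifiers are the report's; the matching logic, the hypothetical UAF-shaped fixture (which only contains the API names, it is not a working exploit) and the benign form script are assumptions constructed here.

```python
"""Offline re-implementation of the report's three PDF JavaScript heuristics.

Added example; the rule IDs come from the report, the matching logic, the
minimal PDF builder and both fixtures are assumptions made here.
"""
import re
import zlib

# Just enough PDF syntax for triage; this is not a full parser.
OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj\b(.*?)\bendobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+0\s+R")
JS_LIT_RE = re.compile(rb"/JS\s*\(((?:\\.|[^\\)])*)\)", re.S)
PDF_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t"}


def unescape_literal(body: bytes) -> bytes:
    """Resolve backslash escapes inside a PDF literal string ( ... )."""
    return re.sub(rb"\\(.)", lambda m: PDF_ESCAPES.get(m.group(1), m.group(1)), body, flags=re.S)


def extract_javascript(pdf: bytes) -> list:
    """Scripts reachable from /JS: literal strings plus referenced streams
    (FlateDecode is inflated; any other filter is left as raw bytes)."""
    scripts = [unescape_literal(m.group(1)) for m in JS_LIT_RE.finditer(pdf)]
    objects = dict(OBJ_RE.findall(pdf))
    for num in set(JS_REF_RE.findall(pdf)):
        body = objects.get(num, b"")
        sm = STREAM_RE.search(body)
        if not sm:
            continue
        data = sm.group(1)
        if re.search(rb"/Filter\s*/FlateDecode", body):
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # keep raw bytes; a corrupt stream is itself worth flagging
        scripts.append(data)
    return [s.decode("latin-1") for s in scripts]


# PDF_ANNOT_UAF_PATTERN: spray + free + re-entry, corroborated by a getter
# installed with defineProperties, an annotation named "uaf", or a typed-array leak.
CORE_CALLS = (r"\baddAnnot\s*\(", r"\.destroy\s*\(", r"\bgetAnnot\s*\(")
GETTER = r"Object\.defineProperties\s*\("
UAF_NAME = r"""["']uaf["']"""
TYPED_LEAK = (r"\bInt32Array\b", r"\bArrayBuffer\b")


def triage(pdf: bytes) -> dict:
    """Apply the three rules from the report; returns {rule_id: severity}."""
    findings = {}
    if re.search(rb"/S\s*/JavaScript\b", pdf):
        findings["PDF_JAVASCRIPT"] = "low"
    if re.search(rb"/JS\b", pdf):
        findings["PDF_JS"] = "low"
    js = "\n".join(extract_javascript(pdf))
    core = all(re.search(p, js) for p in CORE_CALLS)
    corroborated = bool(re.search(GETTER, js) or re.search(UAF_NAME, js)
                        or all(re.search(p, js) for p in TYPED_LEAK))
    if core and corroborated:
        findings["PDF_ANNOT_UAF_PATTERN"] = "high"
    return findings


def pdf_literal(s: bytes) -> bytes:
    """Wrap bytes as a PDF literal string, escaping backslash and parentheses."""
    return b"(" + re.sub(rb"([\\()])", rb"\\\1", s) + b")"


def build_pdf(script: bytes, inline: bool = False) -> bytes:
    """Constructed minimal PDF whose /OpenAction runs `script`, as a literal
    string (inline=True) or a FlateDecode stream. No xref is written."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R >>",
    ]
    if inline:
        objs.append(b"<< /S /JavaScript /JS " + pdf_literal(script) + b" >>")
    else:
        data = zlib.compress(script)
        objs.append(b"<< /S /JavaScript /JS 5 0 R >>")
        objs.append(b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(data)
                    + data + b"\nendstream")
    body = b"".join(b"%d 0 obj\n%s\nendobj\n" % (i + 1, o) for i, o in enumerate(objs))
    return b"%PDF-1.7\n" + body + b"%%EOF\n"


# Hypothetical fixture with the API mix the rule describes; it does nothing
# and is not an exploit, it only exercises the detector.
UAF_SHAPE_JS = b"""
var spray = [];
for (var i = 0; i < 64; i++) spray.push(this.addAnnot({page: 0, type: "Text", name: "uaf"}));
var o = {};
Object.defineProperties(o, {x: {get: function () { spray[0].destroy(); return 0; }}});
var again = this.getAnnot(0, "uaf");
var view = new Int32Array(new ArrayBuffer(16));
"""
# Benign form script (constructed): JavaScript, but none of the scored APIs.
FORM_JS = b'this.getField("total").value = this.getField("qty").value * 2;'

UAF_SAMPLE = build_pdf(UAF_SHAPE_JS)
FORM_SAMPLE = build_pdf(FORM_JS, inline=True)

if __name__ == "__main__":
    for label, sample in (("uaf-shape", UAF_SAMPLE), ("form", FORM_SAMPLE)):
        print(label, triage(sample))
```

Both samples trip the two low-severity rules, which is exactly why those rules score low on their own: the benign form sample is separated from the UAF-shaped one only by the high-severity API-combination rule. A real pipeline would also resolve /Names trees, /AA annotation actions and object streams, which this sketch ignores.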