PDF malware analysis — malicious · 18a133e41230229c

MALICIOUS

PDF

203.5 KB

MD5: 61a8ebadea6dd5d159f6b3c14fb74c2d SHA-1: a06c419171e56007c9b37b8ee0333f1146ff711a SHA-256: 18a133e41230229c1b735a4590080519644a350aaadcaf012691c5fec15da9e0

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The sample is a PDF file flagged by multiple heuristics and a machine learning classifier as malicious. It contains embedded JavaScript, indicating an attempt to execute code. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further supports its malicious nature. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for initial compromise.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.