Malicious PDF — malware analysis report

Static analysis result for SHA-256 1a262a6ae87980be…

MALICIOUS

PDF

Size: 7.5 KB
Authoring application: Jgaxivakafowizasi (via f5bfbUohosicilab) (random-looking producer strings of this kind are typical of programmatically generated lure documents)
MD5: 30183e6830073fad66b2b92c9e2eb57a
SHA-1: db0f19952d8c35cb93431eeacf8d501a4afeb597
SHA-256: 1a262a6ae87980be1b3548423b82815af299e8f4abe10db0acb251e3c2d604d4
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1566.001 Phishing: Spearphishing Attachment
  • T1027 Obfuscated Files or Information
Of these, only T1027 and T1566.001 are borne out by the findings listed below. The report records no PowerShell artefact, so T1059.001 is an inference from the classifier and should be confirmed against the carved script before it is reported.

The file was flagged as malicious by the ML classifier (score 0.9954) and by ClamAV. It contains a /JavaScript action and a referenced /JS stream, so script runs inside the reader's JavaScript engine when the document is opened or the action is triggered. JavaScript on its own is common in benign forms and is scored low; the weight here comes from the ClamAV heuristic Heuristics.PDF.ObfuscatedNameObject, which flags name objects written with #xx hex escapes (for example /J#61vaScript in place of /JavaScript) so that naive string matching on /JavaScript or /JS misses them. Legitimate producers have no reason to escape ordinary printable characters in a name, so this is a strong evasion indicator, and the carved script should be deobfuscated and reviewed for the APIs it calls.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9954

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low, PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low, PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256:  c35f939b8b08b4458e4f2307d4bfd0afc23546c955e11c1da88e87302e40c9b0
Kind:     pdf-javascript-stream
Source:   PDF /JS object 11 at offset 0x1358
Size:     3029 bytes
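As an added example, not part of the original report or of the tooling that produced it, the Python below reproduces the three findings above on constructed input: it decodes #xx-escaped name objects (the condition the ClamAV heuristic above keys on), locates /JavaScript and /JS entries that the escapes would otherwise hide, and carves the referenced /JS stream, inflating it when /FlateDecode is declared. The PDF bytes, object numbers, the "ordinary printable character escaped" test and the function names are all assumptions made for the example; the obfuscation check is an approximation of the heuristic's idea, not ClamAV's implementation, and none of the input is the analysed sample.

```python
import re
import zlib

# Constructed samples (not the analysed file). SAMPLE_PDF hides /JavaScript behind #xx
# name escapes in object 10 and keeps the script in a /JS stream, object 11.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 10 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"10 0 obj\n<< /S /J#61va#53cript /JS 11 0 R >>\nendobj\n"
    b"11 0 obj\n<< /Length 32 >>\nstream\n"
    b"app.alert('constructed sample');\n"
    b"endstream\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
# Same action, but with the script stream Flate-compressed, as it usually is in the wild.
_FLATE_JS = zlib.compress(b"app.alert(1);")
FLATE_PDF = (
    b"%PDF-1.4\n10 0 obj\n<< /S /JavaScript /JS 11 0 R >>\nendobj\n"
    b"11 0 obj\n<< /Length " + str(len(_FLATE_JS)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _FLATE_JS + b"\nendstream\nendobj\n"
)
CLEAN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]+)")  # a name token after its leading slash
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
DELIMITERS = b"#/%()<>[]{}"  # the only printable bytes a name legitimately needs to escape


def normalize_name(raw: bytes) -> bytes:
    """Decode #xx escapes so that J#61va#53cript compares equal to JavaScript."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def find_obfuscated_names(pdf: bytes) -> list:
    """Names that #xx-escape ordinary printable characters have no legitimate reason to.
    This is our approximation of what Heuristics.PDF.ObfuscatedNameObject flags, not
    ClamAV's code. Returns (offset, raw_name, decoded_name) tuples."""
    hits = []
    for m in NAME_RE.finditer(pdf):
        raw = m.group(1)
        if b"#" not in raw:
            continue
        escaped = [int(h, 16) for h in NAME_ESCAPE.findall(raw)]
        if any(0x21 <= c <= 0x7E and c not in DELIMITERS for c in escaped):
            hits.append((m.start(), b"/" + raw, b"/" + normalize_name(raw)))
    return hits


def _dictionary(body: bytes) -> bytes:
    """The dictionary part of an object body, with name escapes already decoded."""
    return normalize_name(body.split(b"stream", 1)[0])


def locate_javascript(pdf: bytes) -> dict:
    """Map each object carrying a /JavaScript action or /JS entry to the object number
    of its script stream (None when /JS is an inline string instead of a reference)."""
    found = {}
    for m in OBJ_RE.finditer(pdf):
        head = _dictionary(m.group(3))
        if not re.search(rb"/(JavaScript|JS)\b", head):
            continue
        ref = re.search(rb"/JS\s+(\d+)\s+\d+\s+R", head)
        found[int(m.group(1))] = int(ref.group(1)) if ref else None
    return found


def carve_stream(pdf: bytes, objnum: int) -> bytes:
    """Carve the stream payload of object `objnum`, honouring a direct /Length and
    inflating /FlateDecode. Raises KeyError if the object is absent."""
    for m in OBJ_RE.finditer(pdf):
        if int(m.group(1)) != objnum:
            continue
        body, head = m.group(3), _dictionary(m.group(3))
        sm = re.search(rb"\bstream\r?\n", body)
        if not sm:
            return b""
        start = sm.end()
        lm = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", head)
        if lm:
            data = body[start:start + int(lm.group(1))]
        else:  # no direct /Length: fall back to the endstream keyword
            data = body[start:body.find(b"endstream", start)].rstrip(b"\r\n")
        return zlib.decompress(data) if b"/FlateDecode" in head else data
    raise KeyError(objnum)


def analyse(pdf: bytes) -> dict:
    """Produce the findings the report above lists, plus the carved script bodies."""
    obfuscated = find_obfuscated_names(pdf)
    js_objects = locate_javascript(pdf)
    carved = {ref: carve_stream(pdf, ref) for ref in js_objects.values() if ref is not None}
    return {
        "obfuscated_names": obfuscated,
        "javascript_objects": js_objects,
        "carved_streams": carved,
        "verdict": "suspicious" if (obfuscated or js_objects) else "clean",
    }


if __name__ == "__main__":
    for label, pdf in (("SAMPLE_PDF", SAMPLE_PDF), ("FLATE_PDF", FLATE_PDF), ("CLEAN_PDF", CLEAN_PDF)):
        print(label, analyse(pdf))
```

Running the module prints the verdict, the obfuscated name with its offset and decoded form, the object that carries the action and the carved script for each constructed file. The name normalisation is the part that matters for triage: any rule that greps a raw PDF for /JavaScript or /JS without first decoding #xx escapes is exactly what this obfuscation defeats, which is why the page's generic JavaScript rules score low and the obfuscation heuristic scores critical. Real samples also put the action inside object streams or cross-reference streams, which this byte-level scan does not unpack; for those, carve and inflate the /ObjStm objects first and run the same checks on the result.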