PDF malware analysis — malicious · 20b3700b3809f0c3

MALICIOUS

PDF

140.4 KB

MD5: 0a886e7c09fd9c06fcf61acea6415776 SHA-1: 7f8a37b2ebee95123ed2d0f002e391ef4f79b01e SHA-256: 20b3700b3809f0c394c2dfcd68c2c5d23a299ddfe76e47165107f91d3e04302e

116 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, as indicated by multiple heuristic firings including 'PDF_JAVASCRIPT' and 'PDF_JS'. The 'ML_NYX_PDF_MALICIOUS' and 'CLAMAV_DETECTION' heuristics further confirm its malicious nature. The embedded JavaScript is likely responsible for executing malicious code, potentially leading to further compromise.

Machine Learning

Nyx PDF Classifier malicious score 0.6874

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Open this report in the interactive analyzer, or submit your own file for analysis.