PDF malware analysis — malicious · 278c9176ce25e548

MALICIOUS

PDF

12.1 KB

MD5: b11cd5a64cd4af27fc4e2c77a6f59de7 SHA-1: 2c4448000ddc362769ade2aaaa8bdca9f8036b8c SHA-256: 278c9176ce25e548d668f7a0dbbe4fa9b47ea191e047529b3b5f366c14c19a5e

66 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file contains embedded JavaScript, flagged by multiple heuristics. The JavaScript stream, named 'javascript_obj0007_000.js', is obfuscated and likely responsible for executing the malicious payload. The ML classifier strongly indicates maliciousness. The primary attack pattern involves leveraging JavaScript within a PDF to achieve code execution.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0007_000.js` `07fb11838e0de61e832be17795e627c978d9ce3ea980f750d18ad13a22f0b46c`	pdf-javascript-stream	PDF /JS object 7 at offset 0x26D	11454 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 2 long hex-escaped blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.