PDF malware analysis — malicious · 2ed19aabbd09f39a

MALICIOUS

PDF

11.9 KB

MD5: f27023cc06c80e20c20137405e6ddd83 SHA-1: 2855d5bdfe902c80e8f26413e54cc641dcf09152 SHA-256: 2ed19aabbd09f39afb5bec4e4cf9b25f4b47283cbeeb878283e980529ce5367e

108 Risk Score

Malware Insights

The PDF file was flagged as malicious by both ClamAV and an ML classifier. Heuristics indicate the presence of embedded JavaScript, a common technique for executing malicious code within PDF documents. The obfuscated nature of the PDF, suggested by the differential parse failure and ClamAV's detection of an obfuscated object name, points towards an attempt to evade static analysis.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Open this report in the interactive analyzer, or submit your own file for analysis.