PDF malware analysis — malicious · 3058fc81111950c0

MALICIOUS

PDF

7.4 KB Created: 2010-09-16 18:55:19 Authoring application: Tolhipezorojpagiwaqo (via e17b5Seueganadazaqeav)

MD5: a8b3e63c9b7e4ee9e25a68bf643fbb40 SHA-1: fe5656882f6b1dec4c40027a501f612ea888fa17 SHA-256: 3058fc81111950c0a97ea40398e9ea6d7162500824c6cfb00169c68afa0c7a08

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML classifier score, indicating malicious intent. The presence of embedded JavaScript, specifically a 2332-byte stream, strongly suggests that the document is designed to execute malicious code. This script likely acts as a downloader for a second-stage payload, which is a common technique for initial access and further system compromise. The obfuscated nature of the JavaScript and the PDF structure points towards an attempt to evade detection.

Machine Learning

Nyx PDF Classifier malicious score 0.9954

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low 1 related finding PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `e2d41866c9fb013feb60cefe8b41892c7277decb0774febb940ce493b1221654`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1387	2332 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.