MALICIOUS
88
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0087
Heuristics 7
-
JavaScript action low 2 related findings PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
PDF JavaScript submits form data to external URL high PDF_JS_SUBMITFORM_URLPDF JavaScript calls submitForm() with an external HTTP(S) URL. This can send form/document context to a remote endpoint or route the user into a credential-phishing flow. It is a behavioral indicator, not a parser exploit signal.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
SubmitForm action medium PDF_SUBMITFORMPDF has a /SubmitForm action — form data can be silently posted to an attacker-controlled URL
-
AcroForm button with action trigger low PDF_ACROFORM_BUTTONPDF contains a /Btn form field together with a SubmitForm/URI/Launch/JS trigger — this is the building block of fake 'Download' or 'Open' button overlays used in PDF phishing lures
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.sr-71.org/blackbird/manual/4/4-226.htm In PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-140.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-138.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/3/3-70.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/1/1-119.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/1/1-80.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/1/1-77.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-223.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-142.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-136.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-63.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/2/2-61.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/2/2-58.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/1/1-121.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/6/6-25.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/6/6-23.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/6/6-11.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/6/6-8.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/6/index.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-193.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-168.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-113.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-32.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-10.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-8.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-219.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-217.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-215.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-209.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-207.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-205.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-203.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-189.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-184.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/asars-1notice.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-149.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-145.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-124.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-123.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-119.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-117.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-102.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-100.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-98.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-90.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-60.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-58.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-56.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-54.htmIn PDF document text
- http://www.sr-71.org/blackbird/manual/4/4-45.htmIn PDF document text
+320 more URL(s)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj23519_000.js |
pdf-javascript-stream | PDF /JS object 23519 at offset 0x4681F | 145 bytes |
SHA-256: df246024cf51d0eeefc96e4b3ddc6d6f4e67a9b06244fa1113b1c85ca7006c60 |
|||
Preview scriptFirst 1,000 lines of the extracted script
if (event.commitKey == 2)
this.submitForm("http://search.freefind.com/find.html", false, true, "NIBMOGOGABJLENFHOAOIDAFHLGILNACG.form2.x", true);
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.