CLEAN
Risk Score: 22
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF file exhibits characteristics of malicious intent, including an embedded JavaScript stream and an unusually high number of stream objects, indicative of potential obfuscation or exploit delivery. While the document body is unreadable, the presence of embedded JS and numerous streams strongly suggests an attempt to execute code. The embedded URLs, though mostly benign, include two unknown ones that warrant attention.
Machine Learning
- Nyx PDF Classifier suspicious score 0.2923
Heuristics 2
- Unusually high stream count (medium, PDF_MANY_STREAMS): PDF contains 501+ stream objects; may indicate heap spray or heavy obfuscation
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://www.npes.org/pdfx/ns/id/ (in PDF document text)
  - http://www.aiim.org/pdfa/ns/id/ (in PDF document text)
  - http://ns.adobe.com/pdfx/1.3/ (in PDF document text)
  - http://www.iec.ch (in PDF document text)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_007_off00109ed8.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x109ED8 | 87108 bytes | a66964a267a5f350297ce13581c465e5bce2011d4e553b735ebe82ff52c62de8 |
| icc_00_off00001ff6.icc | pdf-icc-profile | PDF ICC profile at offset 0x1FF6 | 3144 bytes | 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e |
| font_00_cff_off01b8dfea.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x1B8DFEA | 286 bytes | f73de91edcfaea2b23a1e8d4ddb2e9b9a927bfed8b628bcdfb4f449b51f8c2c2 |