Malicious PDF — malware analysis report

Static analysis result for SHA-256 41e0bcf048ae1c7d…

Verdict: MALICIOUS
File type: PDF
Size: 7.3 KB
Created: 2010-09-16 18:52:20
Authoring application: Qabifagevafa (via 168feTiqotezozav)
MD5: b339860756490a10c7277f58ac6625d6
SHA-1: 97dfd1cda595d532d14c155bbd8c59b967c43fed
SHA-256: 41e0bcf048ae1c7d8e4ab604f40b7fcdabeb94cb44edb106b01a0006e564a9ff
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell

The file was flagged by several independent signals: a critical ClamAV heuristic for obfuscated name objects (names such as /JavaScript written with #xx hex escapes so that a scanner looking for the literal keyword misses them), an ML classifier scoring it as malicious, and a /JavaScript action whose /JS code was carved from object 11. The document lacks clear page content, and the authoring-application strings (Qabifagevafa, 168feTiqotezozav) match no known tool; together with the obfuscation this prevents a more precise family attribution. Nothing shown in this report beyond the carved script supports the T1059.001 mapping, so confirm it against the deobfuscated JavaScript before relying on it.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.9954

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical; rule CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject. This heuristic fires on name objects written with #xx hex escapes where none are needed (for example /#4Aava#53cript in place of /JavaScript), a technique used to hide action keywords from scanners that match the literal name.
  • JavaScript action (low; rule PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low; rule PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules. On their own the two JavaScript rules score low; it is their combination with the name-object obfuscation that makes the sample suspicious.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x1364
Size: 2324 bytes
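The following script is an added example, not code from the analysis platform or from ClamAV, and it does not operate on the sample described above. It reproduces the two things this report relies on: the obfuscated-name-object heuristic (a name that only becomes /JavaScript or /JS once its #xx escapes are resolved) and the carving of a /JS stream out of the object a JavaScript action points at. The PDF it scans is constructed inline, so the object numbers and offsets it reports are those of the constructed file, not object 11 at 0x1364 from the report. The "needlessly escaped" rule is my reading of what the ClamAV heuristic checks, not its actual implementation.

```python
import re
import zlib

# Constructed sample, not the report's file: a minimal PDF whose /OpenAction
# points at a JavaScript action. The action dictionary's keys are hex-escaped
# name objects (/#4Aava#53cript is /JavaScript, /#4AS is /JS), and the script
# itself lives in a FlateDecode stream held by a separate object.
JS_PAYLOAD = b"app.alert('constructed sample payload');"

def build_sample_pdf(js=JS_PAYLOAD):
    body = zlib.compress(js)
    return (
        b"%PDF-1.4\n"
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 11 0 R >>\nendobj\n"
        b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
        b"11 0 obj\n<< /S /#4Aava#53cript /#4AS 12 0 R >>\nendobj\n"
        b"12 0 obj\n<< /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + body + b"\nendstream\nendobj\n"
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )

NAME_RE = re.compile(rb"/([^\s()<>\[\]{}/%]+)")        # name token after '/'
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")      # #xx escape in a name
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_KW = re.compile(rb"(?<!end)stream\r?\n")       # 'stream' keyword only
DELIMITERS = b"()<>[]{}/%#"                            # bytes that must be escaped

def decode_name(raw):
    """Resolve #xx escapes in a name object (ISO 32000-1, section 7.3.5)."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def is_needlessly_escaped(raw):
    """True if the name escapes a regular printable character that needs no
    escaping; that is what turns /JavaScript into /#4Aava#53cript."""
    for m in HEX_ESCAPE_RE.finditer(raw):
        c = int(m.group(1), 16)
        if 0x21 <= c <= 0x7E and c not in DELIMITERS:
            return True
    return False

def parse_objects(pdf):
    """Map object number -> (file offset, body) for each 'N G obj ... endobj'."""
    return {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(pdf)}

def normalize_names(data):
    """Rewrite every name with its escapes resolved so later checks can match
    /JavaScript and /JS literally."""
    return NAME_RE.sub(lambda m: b"/" + decode_name(m.group(1)), data)

def find_obfuscated_names(pdf):
    """(object number, raw name, decoded name) for every needlessly escaped
    name in an object dictionary; stream payloads are skipped to avoid noise."""
    hits = []
    for num, (_, body) in parse_objects(pdf).items():
        kw = STREAM_KW.search(body)
        dictionary = body[:kw.start()] if kw else body
        for n in NAME_RE.finditer(dictionary):
            if is_needlessly_escaped(n.group(1)):
                hits.append((num, n.group(1), decode_name(n.group(1))))
    return hits

def decode_stream(body):
    """Return an object's stream payload, sliced by a direct /Length when one
    is present (a trailing CR/LF heuristic otherwise) and inflated if FlateDecode."""
    kw = STREAM_KW.search(body)
    if kw is None:
        return None
    dictionary = normalize_names(body[:kw.start()])
    length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", dictionary)
    if length:
        data = body[kw.end():kw.end() + int(length.group(1))]
    else:
        data = body[kw.end():body.rfind(b"endstream")].rstrip(b"\r\n")
    if b"/FlateDecode" in dictionary:
        data = zlib.decompress(data)
    return data

def carve_javascript(pdf):
    """(object number, offset, script) for every JavaScript action. /JS may be
    a direct string (nested parentheses not handled) or a reference to a stream."""
    objs = parse_objects(pdf)
    found = []
    for num, (offset, body) in objs.items():
        norm = normalize_names(body)
        if b"/JavaScript" not in norm:
            continue
        m = re.search(rb"/JS\s*(?:\((.*?)\)|(\d+)\s+\d+\s+R)", norm, re.S)
        if m is None:
            continue
        if m.group(1) is not None:
            found.append((num, offset, m.group(1)))
        elif int(m.group(2)) in objs:
            ref = int(m.group(2))
            js = decode_stream(objs[ref][1])
            if js is not None:
                found.append((ref, objs[ref][0], js))
    return found

if __name__ == "__main__":
    sample = build_sample_pdf()
    for num, raw, decoded in find_obfuscated_names(sample):
        print(f"obj {num}: /{raw.decode()} -> /{decoded.decode()}")
    for num, offset, js in carve_javascript(sample):
        print(f"javascript_obj{num:04d}.js @ 0x{offset:x}: {js!r}")
```

Resolving names before matching is the whole point: a scanner that greps for the literal bytes `/JavaScript` reports nothing on this file, while the normalised dictionary of object 11 reads `<< /S /JavaScript /JS 12 0 R >>` and leads straight to the stream. Real samples add more layers (object streams, `/Names` trees, split strings, nested parentheses), so treat this as the first pass that a tool such as the one behind this report automates, not as a complete parser.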