Malicious PDF — malware analysis report

Static analysis result for SHA-256 4a0f3600836c3850…

MALICIOUS

PDF

6.4 KB
MD5: f119c3423bc67531b5138fbf58143112
SHA-1: 981de3ca612fa48e108a5f4f3e6264f7451d8103
SHA-256: 4a0f3600836c38506edbc456d092987ade6a3f10ff4b13acc2f630ae66f33c56
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: Malicious JavaScript

The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. Embedded JavaScript actions and streams were detected, suggesting the file is designed to execute malicious code upon opening. The specific JavaScript content was too obfuscated to determine its exact payload.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9999

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.