Malicious PDF — malware analysis report

Static analysis result for SHA-256 5267dddb99f6e393…

Verdict: MALICIOUS
File type: PDF
Size: 7.5 KB
Authoring application: Jgaxivakafowizasi (via 4b3d7Uohosicilab)
MD5: d55819d6ec50855d8fe3b09d88e490d2
SHA-1: daf6029ab1df76a8c4fc3e59726349d4bb1099a6
SHA-256: 5267dddb99f6e393896244fe110dc1b1d10ef5547ca3e3e557cedabca0760e5d
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.002 User Execution: Malicious File

The file was flagged by ClamAV's Heuristics.PDF.ObfuscatedNameObject signature and scored 0.9954 by the PDF classifier. The document declares a /JavaScript action backed by a /JS stream (object 11, carved below as javascript_obj0011_000.js); that script is the most likely mechanism for staging the payload, although the two JavaScript rules fired only at low severity because JavaScript by itself is common in benign forms. The ClamAV heuristic targets name objects written with #xx hex escapes (for example /J#61vaScript for /JavaScript): a conforming reader resolves them, so the document behaves normally while keyword-based scanners miss the action keys. Combined with the random-looking authoring-application string in the metadata, this points to generated, detection-evading malware delivery rather than a user-authored form; the carved script should be deobfuscated and reviewed to confirm the payload and the ATT&CK mapping above.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9954

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: c35f939b8b08b4458e4f2307d4bfd0afc23546c955e11c1da88e87302e40c9b0
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x1358
Size: 3029 bytes
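The two findings this report rests on, hex-escaped name objects (the ClamAV heuristic) and a /JS stream carved out of a numbered object (the extracted artifact), can be reproduced with a few dozen lines of Python. The script below is an added example written for this page; it is not the analysis platform's code and was not run against the sample above. It works on a constructed PDF built by build_sample_pdf(), in which /OpenAction, /JavaScript, /JS and /FlateDecode are spelled with #xx escapes; the SUSPICIOUS set of names is this example's own choice, and the carving uses a direct /Length where present and otherwise scans for endstream, so it will not handle every real-world layout (indirect /Length, object streams, non-Flate filters).

```python
import re
import zlib

# A PDF name object may spell any byte as #xx; "/J#61vaScript" is the same
# name as "/JavaScript" to a conforming reader but not to a naive grep.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]*)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
# Action/script keys whose obfuscation is a strong signal (example's own list).
SUSPICIOUS = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch",
              b"EmbeddedFile", b"URI", b"SubmitForm", b"RichMedia"}


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a name (the bytes after the leading '/')."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def normalize_names(pdf: bytes) -> bytes:
    """Rewrite every name in the buffer in its canonical, unescaped form."""
    return NAME_RE.sub(lambda m: b"/" + decode_name(m.group(1)), pdf)


def find_obfuscated_names(pdf: bytes):
    """List names that use #xx escapes, with file offset and decoded value."""
    hits = []
    for m in NAME_RE.finditer(pdf):
        raw = m.group(1)
        if b"#" not in raw:
            continue
        decoded = decode_name(raw)
        hits.append({"offset": m.start(), "raw": raw, "decoded": decoded,
                     "suspicious": decoded in SUSPICIOUS})
    return hits


def carve_stream(pdf: bytes, objnum: int):
    """Return the (inflated) stream body of 'objnum N obj', or None."""
    hdr = re.search(rb"(?<![^\s])%d\s+\d+\s+obj\b" % objnum, pdf)
    if not hdr:
        return None
    start = pdf.find(b"stream", hdr.end())
    end_obj = pdf.find(b"endobj", hdr.end())
    if start < 0 or (end_obj != -1 and start > end_obj):
        return None                        # object carries no stream
    sdict = normalize_names(pdf[hdr.end():start])   # un-escape /Fl#61teDecode etc.
    pos = start + len(b"stream")
    if pdf[pos:pos + 2] == b"\r\n":
        pos += 2
    elif pdf[pos:pos + 1] == b"\n":
        pos += 1
    # Prefer a direct integer /Length; otherwise scan for 'endstream'.
    length = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", sdict)
    if length and pos + int(length.group(1)) <= len(pdf):
        data = pdf[pos:pos + int(length.group(1))]
    else:
        end = pdf.find(b"endstream", pos)
        if end < 0:
            return None
        data = pdf[pos:end]
        data = data[:-2] if data.endswith(b"\r\n") else (
            data[:-1] if data.endswith(b"\n") else data)
    if b"/FlateDecode" in sdict:
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass                           # keep raw bytes for manual inspection
    return data


def carve_js_streams(pdf: bytes):
    """Map object number -> body for every stream referenced by a /JS key."""
    out = {}
    for m in re.finditer(rb"/JS\s+(\d+)\s+\d+\s+R", normalize_names(pdf)):
        body = carve_stream(pdf, int(m.group(1)))
        if body is not None:
            out[int(m.group(1))] = body
    return out


def build_sample_pdf(js_body: bytes, compress: bool = False) -> bytes:
    """Constructed sample (not the analysed file): a minimal PDF whose
    /OpenAction, /JavaScript, /JS and /FlateDecode names are hex-escaped."""
    data = zlib.compress(js_body) if compress else js_body
    filt = b" /Filter /Fl#61teDecode" if compress else b""
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 3 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
        b"3 0 obj << /S /J#61vaScript /J#53 4 0 R >> endobj\n",
        b"4 0 obj << /Length " + str(len(data)).encode() + filt + b" >>\nstream\n",
        data, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


if __name__ == "__main__":
    sample = build_sample_pdf(b"app.alert('constructed sample');", compress=True)
    for h in find_obfuscated_names(sample):
        flag = "  [suspicious]" if h["suspicious"] else ""
        print(f"0x{h['offset']:x} /{h['raw'].decode()} -> /{h['decoded'].decode()}{flag}")
    for n, body in carve_js_streams(sample).items():
        print(f"object {n}: {len(body)} bytes of JavaScript: {body!r}")
```

Run it as-is to see the three escaped action keys resolved and the script body inflated from object 4; point carve_stream() at a real file and object number (11 for this sample) to reproduce the artifact table entry. Normalizing names before matching is the essential step: the same keyword search over the raw bytes finds nothing, which is exactly the gap the ObfuscatedNameObject heuristic closes.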