MALICIOUS
66
Risk Score
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
The file is a PDF with a ClamAV heuristic firing for obfuscated objects, indicating malicious intent. The presence of embedded URLs, though benign in this case, suggests the document's potential to interact with external resources. The PDF structure and obfuscation point towards exploitation for client execution, likely involving embedded scripts to download further malicious content.
Machine Learning
- Nyx PDF Classifier clean score 0.0004
Heuristics 4
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILEDThe cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://purl.org/dc/elements/1.1/
Open this report in the interactive analyzer, or submit your own file for analysis.