PDF malware analysis — malicious · 5b03bbb6e3afd113

MALICIOUS

PDF

22.3 KB Created: 2009-04-24 09:54:29 +02:00 Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))

MD5: 7f3355b06ab270400b8e575e85860354 SHA-1: 894ae026be70031a19b7f1ab566eb7e9495c2e7b SHA-256: 5b03bbb6e3afd113548031454ef26933e467f299b1014fedb583bd6db15f171d

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The sample is a PDF file flagged by multiple heuristics, including ML_NYX_PDF_MALICIOUS and ClamAV's Heuristics.PDF.ObfuscatedNameObject, indicating malicious intent. It contains embedded JavaScript, identified by PDF_JAVASCRIPT and PDF_JS heuristics, which is a common method for exploiting PDF vulnerabilities. The JavaScript is heavily obfuscated but appears to be designed to download and execute a secondary payload, as suggested by the `eval` calls and string manipulation.

Machine Learning

Nyx PDF Classifier malicious score 0.9976

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.