Malicious PDF / .TMP — malware analysis report

Static analysis result for SHA-256 5b238844b30a8a1b…

MALICIOUS

PDF / .TMP

1.95 MB
MD5: 6143aa7131c81d477f791987468bbfb1
SHA-1: 6f0e4bf83276f4047fff6b850bb56431e020a70b
SHA-256: 5b238844b30a8a1bcb626513b3b926930ba96a1b97213bc0ab1854d6dd67d124
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution

Static analysis identified multiple heuristics indicating malicious JavaScript embedded within the PDF. The ML classifier and ClamAV detection strongly suggest the presence of obfuscated malicious code. The primary attack vector appears to be the exploitation of a PDF vulnerability to execute JavaScript, likely to download and run a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.