Malicious PDF — malware analysis report

Static analysis result for SHA-256 5fb0fae3454932ac…

Verdict: MALICIOUS
File type: PDF

Size: 7.3 KB
Created: 2010-09-16 18:52:20
Authoring application: Qabifagevafa (via f89e9Tiqotezozav)
MD5: 671a22b5ab8c3af82b9c45c928f46bee
SHA-1: 51acf60c34b5776e132219a6172e38b3ccecb882
SHA-256: 5fb0fae3454932ac8a3fbb282110c2787c11d1923a66fd3128b6d856935c15e0
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics and a machine learning classifier as malicious. The JavaScript code is heavily obfuscated, making its exact function difficult to determine, but it is designed to execute arbitrary code. This strongly suggests the PDF is intended to deliver a malicious payload, likely via a spearphishing attachment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9950

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x1364
Size: 2324 bytes