PDF malware analysis — malicious · 5fed923913aed3ee

MALICIOUS

PDF

22.2 KB Created: 2009-02-13 09:44:28 +03:00 Authoring application: PScript5.dll Version 5.3.2 (via Acrobat Distiller 7.0.5 (Windows))

MD5: 8aa8e8f1583bef28fe21e9cef071220c SHA-1: e89155cb82fed8ec393c3bbdeb4e5bc02db24cf4 SHA-256: 5fed923913aed3ee2bf4463b9ee0a80181d6f2d6a6863263a88c349fe1ed79cb

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution

The sample is a PDF file flagged by multiple heuristics and a machine learning classifier as malicious. It contains embedded JavaScript, which is likely used to exploit a vulnerability and execute arbitrary code. The obfuscated JavaScript and the use of PScript5.dll suggest an attempt to hide malicious activity.

Machine Learning

Nyx PDF Classifier malicious score 0.9220

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.