Malicious PDF — malware analysis report

Static analysis result for SHA-256 6362ecdd6a4c450d…

MALICIOUS

PDF

765 B
MD5: a1492e2dfb0cf89099ff84cc70f3eb86
SHA-1: 292d3b48889c3e8142acb01916e3949a3a82e530
SHA-256: 6362ecdd6a4c450d29f963451a5a81a18b738f6d2a1f3af25fb450be22b3b528
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript

The PDF file contains embedded JavaScript streams, which are flagged by heuristics as potentially malicious. The JavaScript itself is obfuscated and only contains a simple 'Hello World' alert, suggesting it may be a benign test or a heavily crippled malicious payload. No further malicious activity or IOCs were extracted.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 2

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0006_000.js
    0ac16d9098bbf8c6c212e899c51de2750e171cd5ec99081c15a258952c5206ed
    Kind: pdf-javascript-stream
    Source: PDF /JS object 6 at offset 0x1B9
    Size: 51 bytes
  • Filename: javascript_obj0006_001.js
    5b44877874876b66502298a01c34ef15581eb639b7546f154e883701f42ad03f
    Kind: pdf-javascript-stream
    Source: PDF /JS object 6 at offset 0x1DC
    Size: 289 bytes