Malicious PDF — malware analysis report

Static analysis result for SHA-256 63fb5eea8fc3cec8…

Verdict: MALICIOUS

File type: PDF

Size: 44.9 KB

MD5: 650564787a7c9a50716e23ba360d70c1
SHA-1: c78cc4b718b4d56c47098310da529e2f7df89736
SHA-256: 63fb5eea8fc3cec842315a86406a075f0bfd43423896c1c8bd051e5ba7a60795

Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF document contains embedded JavaScript, flagged by multiple heuristics as malicious. The JavaScript is heavily obfuscated but appears to reconstruct a string and execute it, likely to download and run a secondary payload. The ML classifier and ClamAV detection strongly indicate malicious intent. The 'test' document body is not indicative of a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Malware.Agent-7658987-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Malware.Agent-7658987-0
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0001_000.js
SHA-256: f861a230a2882fab4e1e6addf4b47bbea925bc7f5524df70c1426d41e45ce09f
Kind: pdf-javascript-stream
Source: PDF /JS object 1 at offset 0xB0F2
Size: 492 bytes