PDF malware analysis — malicious · 64b27ce8d43cee1c

MALICIOUS

PDF

7.1 KB Authoring application: Wezolokofecpo (via d7e27Nworeticakebi)

MD5: 4f45e4a894a867b12cc2fc4bcd9c699e SHA-1: f3cdd260b8ab6dd732f9c37635277b86c32721c1 SHA-256: 64b27ce8d43cee1c43a07c265c0b3c1a357b041da5243e736ddb00ca2a6bf9b7

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

This PDF file contains obfuscated JavaScript, detected by multiple heuristics and a machine learning classifier. The JavaScript is designed to download and execute a secondary payload, indicated by the embedded script and its nature. The ClamAV detection of 'Heuristics.PDF.ObfuscatedNameObject' further supports its malicious intent. The primary IOC is the embedded JavaScript file itself.

Machine Learning

Nyx PDF Classifier malicious score 0.9953

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `437a5d40b54247c17dfb3ac60e39d3ecfad672a269694af1851a077d9726a8d2`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1342	2272 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.