Malicious PDF — malware analysis report

Static analysis result for SHA-256 65151794a061d093…

MALICIOUS

PDF

7.7 KB Authoring application: Qimigiwova (via 6d955Bashemeriwesohitaro)
MD5: f95d002fac44578a3c9d576ac5995d86 SHA-1: 7c1068cbe7028c0cabfbdf19a713d8a44e0a1f59 SHA-256: 65151794a061d093e8be0c28c0e883e4b444d57d34b369e5b2700102fd4e9633
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF sample contains embedded JavaScript, flagged by multiple heuristics and a machine learning classifier as malicious. The JavaScript code appears to be obfuscated, but its presence strongly suggests an attempt to exploit the PDF viewer or execute malicious actions. The ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' further supports the malicious nature of the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9989

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0010_000.js
ed31b16df2b6492a4d5be85b534deca964c2f0e07a8443782787f4ed9c62c93c		 pdf-javascript-stream PDF /JS object 10 at offset 0x1303 3192 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.