PDF malware analysis — malicious · 6bfca27b2adb5f0c

MALICIOUS

PDF

4.4 KB

MD5: 4f0e42078bce32d43b3abb42a00cc11d SHA-1: 7043abdc155bad5bca0e27002bb4ef8ddad5e999 SHA-256: 6bfca27b2adb5f0cb465cb99e9fe0eddb8f1c2eb843e48b7bfb4e6ce3b5012eb

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, identified by heuristics and ClamAV as malicious. The JavaScript code appears to be obfuscated but reconstructs a URL, likely for downloading a secondary payload. The ML classifier and ClamAV detection strongly indicate malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

ClamAV: Pdf.Malware.Agent-9985716-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Malware.Agent-9985716-0
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `633a42e2349fd809a8b247d5e9364c48ff2828d5b3c3ffd11590c8065097b3e3`	pdf-javascript-stream	PDF /JS object 11 at offset 0xDCE	775 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.