Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d18e566a960ab52…

Verdict: MALICIOUS
File type: PDF
Size: 4.9 KB
MD5: 776e457f643fd6aa60d93ed6a3aeb665
SHA-1: 907ef0579b0bc0132d7de6fd046a7ee0004c9a2d
SHA-256: 6d18e566a960ab5254297e0962796a683bae49259300531292fb5e6777a942a5
Risk score: 106

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Phishing: Spearphishing Attachment

The file was flagged by the Nyx PDF classifier (malicious score 0.9999) and by ClamAV's critical heuristic Heuristics.PDF.ObfuscatedNameObject, which fires when a well-known PDF name object is written with #xx hex escapes (for example /J#61vaScript in place of /JavaScript), a trick used to hide action keywords from simple signature matching. The document also carries a /JavaScript action backed by a /JS stream. JavaScript execution inside the PDF maps to T1059.007; the script is most likely intended to download and run a second-stage payload, the usual client-side exploitation pattern (T1203), and a document of this kind is typically delivered as a spearphishing attachment (T1566.001). Static analysis establishes the obfuscated JavaScript; the payload behaviour and delivery vector are inferences from that finding, not observed artefacts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject. A well-known name object (such as /JavaScript) is written with #xx hex escapes, which is how PDF malware hides keywords from literal signature matching while the viewer still resolves them to the same action.
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.