Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d6ac989983cc8d3…

MALICIOUS

PDF

3.5 KB
MD5: 3bfcbd5c8b702ab9697bcce256bc6fe1
SHA-1: 8b9048ff50ac6207a15e22710ae339cf016e3853
SHA-256: 6d6ac989983cc8d34a94b15cd7bd8426e7a58f9dda65681a54e0ae417ba2f4e3
106 Risk Score

Malware Insights

MITRE ATT&CK

  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. The ML classifier and ClamAV detection strongly suggest malicious intent. The embedded JavaScript is likely designed to execute malicious code upon opening the document, potentially leading to further compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.