Verdict: MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is encrypted and contains JavaScript, indicating that malicious content is hidden from static analysis. Heuristics strongly suggest an advance-fee scam lure, involving fake lotteries or prizes and parcel delivery requirements. The presence of encrypted JavaScript is a common technique to deliver malicious payloads or redirect users to phishing sites.
Machine Learning
- Nyx PDF Classifier clean score 0.0008
Heuristics 4
- Encrypted PDF carries /js — payload hidden from static analysis (severity: high, rule: PDF_ENCRYPTED_WITH_JS)
  PDF declares /Encrypt and also references an executable trigger (/js). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
- Advance-fee lottery/parcel scam lure (severity: high, rule: SE_ADVANCE_FEE_SCAM_LURE)
  Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
- JBIG2Decode filter (severity: medium, rule: PDF_JBIG2)
  JBIG2 image decoder present — historically used in zero-click exploits.
- Suspicious extracted artifact (severity: info, rule: EXTRACTED_FILE_STATIC_TRIAGE)
  One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 22
Files carved from inside the sample during analysis.