Malicious PDF — malware analysis report

Static analysis result for SHA-256 7872ee4ccc644f3f…

MALICIOUS

PDF

6.4 KB
MD5: 31246c04d8caace60d96119603ca8f71 SHA-1: 2287f0c00e3fdce79ab8804b7ff7ed86d430e599 SHA-256: 7872ee4ccc644f3f104e690ecd44307e3c1b8b17521a57cf84e16110cfc7ef0f
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript, flagged by multiple heuristics as malicious and obfuscated. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for initial execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.