Malicious PDF — malware analysis report

Static analysis result for SHA-256 7c3dbc707d77d605…

Verdict: MALICIOUS
File type: PDF
Size: 45.3 KB
MD5: e963aac5698788b9530456ddb433d027
SHA-1: c45260cfccefb7b4ee65cd1aa6e518a717ce3d29
SHA-256: 7c3dbc707d77d6056b1c050f4da05ea3d2ac649f01cbd23bf5a3a4b5a855882b
Risk Score: 116

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript and triggers heuristics associated with PDF JavaScript exploits, including XFA form script content. This indicates the sample is designed to exploit a viewer vulnerability in order to execute code. The presence of a URL of unknown reputation suggests a potential command-and-control or payload download location.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9999

Heuristics (5)

  • JavaScript action [severity: low, 2 related findings] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF JavaScript exploit cluster [severity: critical] PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • Embedded JS stream [severity: low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • XFA form [severity: low] PDF_XFA
    PDF uses XML Forms Architecture, which can contain script logic.
  • Embedded URL [severity: info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.bitstream.com (in PDF document text)
    • http://ns.adobe.com/xdp/ (in PDF document text)
    • http://www.xfa.org/schema/xci/2.6/ (in PDF document text)
    • http://www.xfa.org/schema/xfa-template/2.6/ (in PDF document text)

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000033c.bin
SHA-256:  4f6b10da3ed2b3bb31cfffc6b262b02eb20889d83249e04a2165810916cdd1f9
Kind:     pdf-font-stream
Source:   PDF embedded font (sfnt) at offset 0x33C
Size:     65932 bytes