PDF malware analysis — malicious · 84866eb25e2793b5

MALICIOUS

PDF

13.2 KB Authoring application: Python PDF Library 055 http072057057pybrary056net057pyPdf057

MD5: de6f422472fc260c64e56862c0160d73 SHA-1: c82d758153d0fab891199fd90fa1d07920ca2390 SHA-256: 84866eb25e2793b5903b2700c1852e5a2dfd79f0beb63f56bf4e1af99df13e30

94 Risk Score

Malware Insights

MITRE ATT&CK

T1559.002 Component Object Model Hijacking T1204.002 Malicious File

This PDF file was flagged as malicious by an ML classifier with high confidence. It contains embedded JavaScript and RichMedia (Flash) content, suggesting an attempt to exploit vulnerabilities. An embedded file named 'sploit.swf' was also extracted, likely containing the exploit code.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

RichMedia (Flash) high PDF_RICHMEDIA

PDF contains /RichMedia (Adobe Flash) which is a historic exploit vector
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://adobe.com/AS3/2006/builtin

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`sploit.swf` `70e6dbce3b11aaece2d38f1d315dee7736c7ab9138a74cdadc8126393c857018`	pdf-embedded-file	PDF EmbeddedFile object 8 at offset 0x1075	781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.