CLEAN
2
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF file triggered a generic stage recovery heuristic, indicating the presence of embedded JavaScript. This JavaScript is likely designed to download and execute further malicious content. The benign URLs present do not appear to be directly related to the malicious activity.
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 1
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://dejavu.sourceforge.net In PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
icc_00_off0002c65a.icc |
pdf-icc-profile | PDF ICC profile at offset 0x2C65A | 560 bytes |
SHA-256: e5f6ffb83b6d3491301dd750975684cc5cc2a1951c994a14b08cfdaa0d75a041 |
|||
font_00_sfnt_off00000d70.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD70 | 25964 bytes |
SHA-256: 1995f72ebefde4b7931f3812229aaef9498f3dd5456d37b8b8b9707d65115e80 |
|||
font_01_sfnt_off00004418.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4418 | 27400 bytes |
SHA-256: a95338c9ad160e477be745788ea9119656fb4a943f0f9d3a75998869935adf89 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.