Malicious PDF — malware analysis report

Static analysis result for SHA-256 8ffba89ea5f3cf6b…

Verdict: MALICIOUS
File type: PDF
Size: 7.9 KB
Created: 2010-10-05 19:18:00
Authoring application: Pafitisbotticxixoua (via e2bb5Jehabactasga)
MD5: e625ed3eba0a202d0cb2687bc2cd481a
SHA-1: 5f05c4365b243afa903a4a0efe8d1e318388c940
SHA-256: 8ffba89ea5f3cf6bff04ff6c8fb3f4084b79566dd15810647f4502a212b27dc6
Risk score: 108

Malware Insights

MITRE ATT&CK

  • T1059.001 JavaScript
  • T1566.002 Spearphishing Attachment

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML classifier score, indicating malicious intent. The presence of embedded JavaScript, identified by PDF_JAVASCRIPT and PDF_JS heuristics, suggests the execution of malicious code. While the document body is heavily obfuscated and unreadable, the embedded JavaScript is the primary mechanism for exploitation, likely leading to further stages of an attack.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9954

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: 1d712bcf04655f0ea3df286010452910c0e6b45f83cc66ee3a790e43e4d30967
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x136A
Size: 3144 bytes