Malicious PDF — malware analysis report

Static analysis result for SHA-256 92583158104d4025…

Verdict: MALICIOUS
File type: PDF
Size: 11.3 KB
MD5: 9f7cef503ec1469881adfa906824f77d
SHA-1: 973f8087793945aa7d9c4ff48a3a8d3bc5c9f281
SHA-256: 92583158104d402537de6214934d1d6a2c5086634cf0409ada6521570ada3e5f
Risk Score: 106

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML score, indicating malicious intent. The presence of JavaScript actions and embedded JS streams suggests the document is designed to execute code. The specific ClamAV detection 'Heuristics.PDF.ObfuscatedNameObject' points to an attempt to hide malicious content within the PDF structure, likely to deliver a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action [low] (PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] (PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.