PDF malware analysis — malicious · a64427aa860b21d1

MALICIOUS

PDF

8.4 KB Created: 2021-01-13 01:03:42 +01:00 Authoring application: Writer (via LibreOffice 6.4) First seen: 2026-05-10

MD5: 5552b197201e5139780d15fa3a114eb0 SHA-1: 949677e1fd35c198019f83d2c892021ea4c0f0a1 SHA-256: a64427aa860b21d1555b93d291716a566620889444ea4d4bb9223fc8a1c0aa52

60 Risk Score

Machine Learning

Nyx PDF Classifier malicious score 0.9927

Heuristics 4

JavaScript action low 1 related finding PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL

The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed In document body
- http://scripts.sil.org/OFLIn document body

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off000007ab.bin`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x7AB	9136 bytes
SHA-256: `78e93780e62274b3566142fa834a1d4c10d8d668abc3961984c543fa0774eed8`

Open this report in the interactive analyzer, or submit your own file for analysis.