Verdict: MALICIOUS
Risk score: 76

Machine learning
- Nyx PDF Classifier malicious score: 0.9939

Heuristics (5)
- PDF embedded file could not be fully decoded (medium, PDF_EMBEDDED_FILE_UNDECODED): A declared PDF /EmbeddedFile stream uses filters that the scanner could not decode. The raw stream was carved for artifact triage because malformed or unsupported attachment filters can hide payload content from normal extraction.
- JavaScript action (low, PDF_JAVASCRIPT, 1 related finding): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded file (low, PDF_EMBEDDED): PDF embeds a file attachment; it could carry an executable or another weaponised document as a nested payload.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. All of the URLs below are labelled "Referenced by PDF JavaScript":
  - http://dejavu.sourceforge.net
  - http://www.monotype.com
  - http://www.monotype.com/html/type/license.html
  - http://www.ascendercorp.com/
  - http://www.ascendercorp.com/typedesigners.html
  - http://www.ascendercorp.com/liberation.html
  - http://dejavu.sourceforge.net/wiki/index.php/License
  - http://www.monotype.com/html/mtname/ms_couriernew.html
  - http://www.monotype.com/html/mtname/ms_welcome.html
Extracted artifacts (11)

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| ttt.pdf | pdf-embedded-file-undecodable | PDF EmbeddedFile object 108 at offset 0x35C05; filter decode failed | 479 bytes | 87f1a647443d68f6bf1870f759a102b750c192acaf41eae3bf880bd6aa2f6b87 |
| javascript_obj0109_000.js | pdf-javascript-stream | PDF /JS object 109 at offset 0x35DF7 | 52 bytes | e902b7276140d03fbf1074123ad67ab6790057629ca9386b1181cd25f4d94253 |
| font_00_sfnt_off00018873.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18873 | 39760 bytes | f027842567b04c926ad746e8dfdc4f8cdd2e3c7e0220264a22bb516569de8c36 |
| font_01_sfnt_off0001e18a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1E18A | 33672 bytes | da753cc0b5163c9b6666572dbeb35b7b5caf4a56d9c22c99c36835925c000a71 |
| font_02_sfnt_off00023149.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x23149 | 12752 bytes | 23ac8feb518c8c727acc6a954bb623e333337c9458521aed483fcc8d89f418c1 |
| font_03_sfnt_off0002558e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2558E | 13136 bytes | c8fd7189737c38a43b9ba034337799f502028b5db5a6037bd1df4c486f3233e0 |
| font_04_sfnt_off00027bf4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x27BF4 | 27096 bytes | cf699c117fd0bb7368c625645b874f03c477a382b67075e98dd54d87de53958b |
| font_05_sfnt_off0002ca67.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2CA67 | 13700 bytes | 34829650519fe758a893e02057f5c7c1070378add027225386180ba60993be24 |
| font_06_sfnt_off0002f2cf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2F2CF | 14892 bytes | bf36ecd37d117b665b1c68abb1c41fbb1a9d46c2c583bdb8512681835e553b91 |
| font_07_sfnt_off00031db2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x31DB2 | 13576 bytes | 37478039963094b7b89fb24df19adb1f5ee171f766ade680ac5516bb23ede59f |
| font_08_sfnt_off00033c21.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x33C21 | 1780 bytes | df903f2017d43426972294ce96b065da76255f4a0de84e466c7a4dd6181632c2 |

Preview of javascript_obj0109_000.js (first 1,000 lines of the extracted script):

```javascript
// Exports the embedded attachment named "ttt" (the undecodable ttt.pdf above) to disk.
// nLaunch: 0 saves the file without launching it, so the script's effect is to drop the attachment.
this.exportDataObject({ cName: "ttt", nLaunch: 0 });
```