Malicious PDF — malware analysis report

Static analysis result for SHA-256 a159f1683f15a5c5…

MALICIOUS

PDF

Size: 7.5 KB
Authoring application: Jgaxivakafowizasi (via bbcb3Uohosicilab)
MD5: e6aa9f8960d4415a9840756bc966e8c2
SHA-1: 3fd96884dd78d56afd4969ff11da933d5a1fc35e
SHA-256: a159f1683f15a5c538b10eaea4ded4bb43d191a529284d8608c1eda939c570ec
Risk Score: 108

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.001 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML score indicating maliciousness. The presence of embedded JavaScript, identified as 'javascript_obj0011_000.js', strongly suggests an attempt to execute arbitrary code. The obfuscated nature of the JavaScript, as indicated by the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristics, points towards an effort to evade detection. The primary attack pattern is likely the execution of malicious JavaScript embedded within the PDF, potentially leading to further payload delivery or system compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9954

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0011_000.js
    SHA-256: c35f939b8b08b4458e4f2307d4bfd0afc23546c955e11c1da88e87302e40c9b0
    Kind: pdf-javascript-stream
    Source: PDF /JS object 11 at offset 0x1358
    Size: 3029 bytes