PDF malware analysis — malicious · a426b153f5c6759c

MALICIOUS

PDF

6.5 KB Created: 2010-08-28 07:57:24 Authoring application: Sejegageiqesoy (via d25fdGolbohoro sazi)

MD5: e36dc128e73b91b285da898fd3f4692f SHA-1: 3c3b09bcb55be5fc182f8fb16418c77241f822f9 SHA-256: a426b153f5c6759cf1b6b9a938f5f046d8019eda937bc83adb05c59123de3bdd

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The file is a PDF with embedded JavaScript, flagged by multiple heuristics including ML and ClamAV as malicious. The ML classifier output of 0.998692 strongly indicates malicious intent. The embedded JavaScript, identified as 'javascript_obj0010_000.js', is the primary mechanism for exploitation. While the exact payload is not detailed, the presence of JavaScript in a PDF is a common delivery method for exploits and malware.

Machine Learning

Nyx PDF Classifier malicious score 0.9987

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0010_000.js` `aac1b797b7f4df3946f776d0024554d1424521045e1cc32853762bfc85b57b27`	pdf-javascript-stream	PDF /JS object 10 at offset 0x118D	1781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.