Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4a0daee580f604d…

Verdict: MALICIOUS
File type: PDF
Size: 3.6 KB
Risk Score: 106

MD5: d8626f75313e235114da97d00798a81f
SHA-1: a93be94ad64cf6736d54d8d45e05221f02636f7f
SHA-256: b4a0daee580f604df60a3ce48192e1f83147de4ad35b62fa92b11e65e86fab1d

Malware Insights

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML classifier score, indicating malicious intent. The presence of embedded JavaScript, identified by PDF_JAVASCRIPT and PDF_JS heuristics, suggests an attempt to execute arbitrary code upon opening the document. The exact payload or exploit is not discernible from the provided evidence, but the overall pattern points to a malicious PDF dropper.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.