Malicious PDF — malware analysis report

Static analysis result for SHA-256 b54c1443f840deef…

MALICIOUS

PDF

4.9 KB
MD5: b7bb0311769d45b53a2b255170e0efb5
SHA-1: ebb2f4a7eaa3b206065d7ba3e656579a4529c177
SHA-256: b54c1443f840deefa9e3932b8835fccb76ef089dc2c995d9598d75a67207c6ee
Risk Score: 106

Malware Insights

The PDF file was flagged by multiple heuristics, including a high-severity ML classifier and ClamAV detection for obfuscated objects, indicating malicious intent. The presence of embedded JavaScript actions and streams strongly suggests that the file is designed to execute arbitrary code upon opening, likely to download and run a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.