Malicious PDF — malware analysis report

Static analysis result for SHA-256 cd5562a6871733f4…

Verdict: MALICIOUS
File type: PDF
Size: 64.1 KB
Created: 2010-05-12 10:10:08
Authoring application: PDF Editor - Foxit Software
MD5: d8880b6fc323e8ef37a533a621d9f0d2
SHA-1: 564618c5f99661a7fbba1632a2e498c04bf47fbe
SHA-256: cd5562a6871733f4deb0eed5dc71b0629097e80dc5dcbcf5efaff982c5d32414
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1059.001 (PowerShell)

The PDF file was flagged by ClamAV for obfuscated JavaScript content. The embedded JavaScript stream, carved as 'javascript_obj0006_000.js', is the primary indicator of malicious activity. This script is likely designed to download and execute a second-stage payload, which is the basis for the document's malicious verdict.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0076

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0006_000.js
    SHA-256: 95c383236e84c5fa7fda64793e5a23b0ff192206c9b0e38da492df02386d947a
    Kind: pdf-javascript-stream
    Source: PDF /JS object 6 at offset 0x18B
    Size: 6710 bytes