PDF malware analysis — malicious · cef7ed043b4f9d89

MALICIOUS

PDF

7.5 KB Authoring application: Jgaxivakafowizasi (via 1bb26Uohosicilab)

MD5: d8873c4b41a25b72213aeda26b05972b SHA-1: c91d602aceddbeaa9ee7d60d67ff5741ca1e92d1 SHA-256: cef7ed043b4f9d89c56cfb3e3570732316fefcb08bb07deb15dc4d1070a8155a

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file was flagged by multiple heuristics, including ClamAV's 'Heuristics.PDF.ObfuscatedNameObject' and a high-confidence ML classifier, indicating malicious intent. An embedded JavaScript stream was detected, which is commonly used to exploit PDF vulnerabilities or download further malicious content. The presence of JavaScript actions and streams strongly suggests the file attempts to execute code, likely to download and run a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9954

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `c35f939b8b08b4458e4f2307d4bfd0afc23546c955e11c1da88e87302e40c9b0`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1358	3029 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.