Malicious PDF — malware analysis report

Static analysis result for SHA-256 d18dba3c7fe15aed…

MALICIOUS

PDF

3.6 KB
MD5: a1d59a953c3e53b3dbdfe26dc0f9d9b7
SHA-1: dd20cc6b242e40ea00c499c4dec248d0f9771213
SHA-256: d18dba3c7fe15aed00c1f3065ff190ff59019db452c2b540bf9c3c5980e7d9c5
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

This PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML classifier score. The presence of embedded JavaScript actions and streams indicates an attempt to execute malicious code upon opening the document, likely leading to further exploitation or payload delivery.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.