Malicious PDF — malware analysis report

Static analysis result for SHA-256 d82502be59ae4431…

Verdict: MALICIOUS
File type: PDF
Size: 7.3 KB
Created: 2010-09-16 18:52:20
Authoring application: Qabifagevafa (via c0c93Tiqotezozav)
MD5: a38a08e1dd485786ab3a4c37d2823136
SHA-1: 1aacd386a5ed96b978ed4227bd8c01c24b4c3776
SHA-256: d82502be59ae4431a93ddb3c4d6281c2f96925201e522f666de64a026b682aa2
Risk score: 106

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell (as assigned by the scanner; note that no PowerShell artefact appears anywhere in this report, and the only behaviour actually observed is PDF-embedded JavaScript, which ATT&CK maps to T1059.007 JavaScript)

The file was flagged by several independent signals. The Nyx PDF ML classifier returned a malicious score of 0.9954, and ClamAV raised the heuristic Heuristics.PDF.ObfuscatedNameObject, which fires when a PDF name object is written with #xx hex escapes (for example /#4A#53 in place of /JS); legitimate producers have no reason to escape plain ASCII dictionary keys, and doing so is a well-known way of hiding /JavaScript, /OpenAction and similar keys from string-matching scanners. The file also carries a /JavaScript action backed by a /JS stream (object 11, carved as an artifact below), so it contains script that a PDF reader would run when the document is opened. Because the reader's JavaScript engine is sandboxed, the presence of JavaScript by itself does not mean arbitrary native code execution; whether the script is an exploit, a heap-spray stage or merely a downloader has to be established by analysing the carved JavaScript. The Creator/Producer strings recorded in the metadata look pseudo-random rather than like a real product name, which is common in programmatically generated malicious PDFs. The ML score and the name-object obfuscation are what drive the verdict; the two JavaScript rules score low on their own because generic JavaScript is common in benign forms.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9954

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV's PDF parser raised a heuristic detection, not a signature match: at least one name object in the file is written with #xx hex escapes (for example /#4A#53 instead of /JS), so a dictionary key such as /JS or /JavaScript only appears once the name is decoded. Legitimate producers almost never escape plain ASCII keys; doing so is a known way to slip past string-matching scanners.
  • JavaScript action (low, PDF_JAVASCRIPT)
    The PDF contains a /JavaScript action. Generic JavaScript is common in benign forms, so this rule alone scores low; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    The PDF references a /JS stream, the object that holds the script body (object 11, carved below). Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0011_000.js
SHA-256: ff85b44f7d06834e69a161aee8e28b7340c56fef50ee1649100cb6f376ea5386
Kind: pdf-javascript-stream
Source: PDF /JS object 11 at offset 0x1364
Size: 2324 bytes
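The three heuristics listed above (hex-escaped name objects, a /JavaScript action, a /JS stream) and the carving step that produced the artifact in this table can be reproduced with a short stand-alone script. The following is an added example written for this page; it is not the scanner's code and not part of the original report. The PDF it analyses is a constructed, hypothetical sample built inline (object numbers, the /JavaScript and /JS names spelled with #xx escapes, and a Flate-compressed script reached through /OpenAction), and every function name is the example's own.

```python
import hashlib
import re
import zlib

# Names a triage tool scores (the PDF_JAVASCRIPT / PDF_JS rules above).
ACTION_NAMES = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch"}
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]+)")         # a name token after '/'
HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")          # #xx escape inside a name
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
STREAM_RE = re.compile(rb"(\bstream\r?\n)(.*?)(\r?\nendstream)", re.DOTALL)


def decode_name(raw):
    """Undo PDF name hex escapes, e.g. /#4A#53 -> /JS."""
    return HEX_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def without_streams(data):
    """Blank stream bodies (same length, so offsets survive) so that name scanning only sees
    dictionary syntax.  Caveat: objects packed inside /ObjStm streams are not inspected."""
    return STREAM_RE.sub(lambda m: m.group(1) + b" " * len(m.group(2)) + m.group(3), data)


def obfuscated_names(data):
    """(offset, raw, decoded) for each name that only spells its key once #xx escapes are
    decoded: the condition behind ClamAV's Heuristics.PDF.ObfuscatedNameObject."""
    return [(m.start(), m.group(1), decode_name(m.group(1)))
            for m in NAME_RE.finditer(without_streams(data))
            if b"#" in m.group(1) and decode_name(m.group(1)) != m.group(1)]


def action_names(data):
    """Decoded action-related names paired with their on-disk spelling."""
    return sorted({(decode_name(m.group(1)), m.group(1))
                   for m in NAME_RE.finditer(without_streams(data))
                   if decode_name(m.group(1)) in ACTION_NAMES})


def parse_objects(data):
    """object number -> (offset, body), by scanning raw bytes instead of trusting the xref
    table, so objects a tampered xref omits are still seen (later duplicates win)."""
    return {int(m.group(1)): (m.start(), m.group(3)) for m in OBJ_RE.finditer(data)}


def stream_payload(body):
    """Decoded contents of an object's stream, honouring a direct /Length and /FlateDecode."""
    m = re.search(rb"\bstream\r?\n", body)
    if not m:
        return None
    head = decode_name(body[:m.start()])                 # stream dictionary, keys un-escaped
    length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", head)   # direct lengths only
    if length:
        raw = body[m.end():m.end() + int(length.group(1))]
    else:                                                # indirect /Length: use the keyword
        raw = re.split(rb"\r?\nendstream", body[m.end():], 1)[0]
    if b"/FlateDecode" in head:
        try:
            raw = zlib.decompress(raw)
        except zlib.error:
            pass                                         # keep raw bytes for manual inspection
    return raw


def carve_js(data):
    """Follow each decoded '/JS n 0 R' to object n and carve its stream: the step that yields
    a *.js artifact like the one listed above.  Inline '/JS (...)' strings are not handled."""
    objects, carved = parse_objects(data), []
    for num, (_, body) in objects.items():
        for m in re.finditer(rb"/JS\s+(\d+)\s+\d+\s+R", decode_name(body)):
            target = int(m.group(1))
            if target in objects and (js := stream_payload(objects[target][1])) is not None:
                carved.append({"object": target, "offset": objects[target][0], "size": len(js),
                               "sha256": hashlib.sha256(js).hexdigest(), "js": js,
                               "referenced_from": num})
    return carved


# Constructed, hypothetical sample (not the file from the report): /JavaScript and /JS are
# spelled with #xx escapes and the script sits in a FlateDecode stream reached via /OpenAction.
# There is no xref table; viewers rebuild one on load and raw-object scanners do not need it.
JS_PAYLOAD = b"app.alert('constructed sample');"


def build_sample(payload):
    body = zlib.compress(payload)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
            b"4 0 obj << /S /#4A#61#76#61#53#63#72#69#70#74 /#4A#53 5 0 R >> endobj\n"
            b"5 0 obj << /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


SAMPLE = build_sample(JS_PAYLOAD)

if __name__ == "__main__":
    for a in carve_js(SAMPLE):
        print(f"obj {a['object']} @ {a['offset']:#x}, {a['size']} bytes, sha256 {a['sha256']}")
        print(a["js"].decode("latin-1"))
```

Run as-is, the script reports the two hex-escaped names (decoding to /JavaScript and /JS), the three action-related names, and one carved artifact: object 5, its byte offset, decoded size and SHA-256, which is the same record shape as the artifact table above. On a real sample the same logic has to be extended for object streams (/ObjStm), encrypted documents and filters other than Flate, which is what tools such as pdf-parser or peepdf handle; the carved script is then the starting point for the next stage of analysis.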