PDF malware analysis — malicious · e3036087945090af

MALICIOUS

PDF

320.0 KB

MD5: d82f3e67d4b39f696f2d0a643d51c648 SHA-1: e99fde554f025312e4cd8840c65902d667c3c6d9 SHA-256: e3036087945090afc97b387e0962c9f6f6a904c3c047a91fc71b6aee96fe93f5

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1204.002 Malicious File

The PDF file was flagged as malicious by ML classifiers and ClamAV due to obfuscated JavaScript content. The embedded JavaScript stream, named 'javascript_obj0012_000.js', is likely responsible for executing malicious actions. The presence of an embedded URL to 'http://www.bitstream.com' suggests a potential download or redirection target. The overall attack pattern points towards a malicious document designed to deliver a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9800

Heuristics 4

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.bitstream.com

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0012_000.js` `ac8941740c12f3debc0543b15e5dd5898bedacd5292ed663253268da8fa5e8c7`	pdf-javascript-stream	PDF /JS object 12 at offset 0x105F2	323456 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.