Malicious PDF — malware analysis report

Static analysis result for SHA-256 e8b170bb5e142e04…

MALICIOUS

PDF

  • Size: 27.7 KB
  • Created: 2009-04-24 09:54:29 +02:00
  • Authoring application: PScript5.dll Version 5.2.2 (via Acrobat Distiller 7.0.5 (Windows))
  • MD5: fe6dc9f260b311701aec5773528c8dd6
  • SHA-1: 55e13ce11efeaacb914f7dab49102986fb454681
  • SHA-256: e8b170bb5e142e046e4b7dfdec9d193a2d498aa77dcf9217894ef34d181a7464
  • Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF file contains embedded JavaScript and was flagged by multiple heuristics, including ML classification and a ClamAV detection for obfuscated objects. The JavaScript appears to be heavily obfuscated, making it difficult to determine its exact function, but it is likely designed to download and execute a secondary payload. The presence of JavaScript actions and embedded JS streams strongly suggests malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9964

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (low, PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (low, PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.