Malicious PDF — malware analysis report

Static analysis result for SHA-256 f17ed2e36be80b48…

MALICIOUS

PDF

6.0 KB
MD5: ab08914a1a6c0dfb537f6eb7cc6e4763
SHA-1: 16d91c66855cbcfe1c7e18c8d0ef25e326d2690f
SHA-256: f17ed2e36be80b489d58ebe939223b4f2cd6b514ed83a7ccdcca00d194274d33
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1204.002 Malicious Link: Malicious File

The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and a high ML classifier score. The presence of embedded JavaScript actions and streams indicates an attempt to execute malicious code upon opening the document, likely leading to further exploitation or payload delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.