CLEAN
Risk Score: 6
Malware Insights
MITRE ATT&CK
T1059.001 JavaScript
T1204.002 Malicious Link
The PDF file contains embedded JavaScript and is flagged for a JPXDecode-related vulnerability (CVE-2018-4990 family). This suggests an attempt to exploit a PDF viewer vulnerability to execute code. The embedded JavaScript is likely responsible for initiating the exploit chain. Several unknown URLs were also found within the document, which could be used for command and control or further payload delivery.
Machine Learning
- Nyx PDF Classifier clean score 0.0007
Heuristics 3
- JPXDecode + active content — JPEG2000 CVE-family indicator (info, PDF_JPX_CVE_2018_4990_RELATED)
  PDF uses /JPXDecode (JPEG2000) alongside JavaScript, XFA, or RichMedia indicators. This matches the delivery pattern for Adobe Reader JPEG2000 parser exploit families, including CVE-2018-4990, but does not prove the exact malformed JP2/JPX primitive.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://www.color.org (in PDF document text)
Extracted artifacts 15
Files carved from inside the sample during analysis.