PDF malware analysis — malicious · ff4cfd6601bf4bb0

MALICIOUS

PDF

6.7 KB Created: 2010-09-03 08:30:37 Authoring application: Xijokanilohova (via 7579dKmgxaloxaxgi)

MD5: e1e8da62629d575036997464a7fd86d1 SHA-1: 86903d706942fc4519186bdc9573bacd820ac123 SHA-256: ff4cfd6601bf4bb0af286e43c69f17f8e558ad5c0b1d4bedfa43e5357ce67f21

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

The file is a PDF identified as malicious by a machine learning classifier and ClamAV with a critical heuristic for obfuscated objects. It contains embedded JavaScript, indicating an attempt to exploit vulnerabilities within the PDF reader. The JavaScript is likely responsible for downloading and executing a second-stage payload, though its exact function is obscured. The presence of JavaScript actions and embedded JS streams points to a common delivery mechanism for malware.

Machine Learning

Nyx PDF Classifier malicious score 0.9925

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0011_000.js` `d75aba2bc241d027161697fa7aada0bf45c7afe5b58fce1bb0bf66350349f123`	pdf-javascript-stream	PDF /JS object 11 at offset 0x1208	1983 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.