Malicious PDF — malware analysis report

Static analysis result for SHA-256 0119e54e13df25d9…

MALICIOUS

PDF

2.8 KB
MD5: 91fbd3fa339b2b140ff99a4a3a715556
SHA-1: 8e46b81edc095c987d87c0435f9d38fd246694ed
SHA-256: 0119e54e13df25d9fdfa365569bee3827698b72c05febe5a71db098cac3032a7
Risk Score: 66

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file was flagged as malicious by an ML classifier with high confidence. Heuristics indicate the use of XFA forms and ASCIIHexDecode filters, which are often associated with PDF exploits. The document body contains obfuscated content, suggesting an attempt to hide malicious code or an exploit.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics 3

  • ASCIIHexDecode filter (with exploit indicators) | medium | PDF_FILTER_HEX
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes
  • Embedded file | low | PDF_EMBEDDED
    PDF embeds a file attachment; could carry an executable or another weaponised document as a nested payload
  • XFA form | low | PDF_XFA
    PDF uses XML Forms Architecture; can contain script logic