MALICIOUS
Risk Score: 70
Malware Insights
The WEBSHELL_PHP heuristic indicates the file is a PHP webshell, likely intended for command execution. The presence of '$_GET["desec"]' suggests it processes user input for command execution, a common webshell technique. While the file type is PDF, the heuristic strongly suggests PHP code was embedded or the file is misclassified.
Machine Learning
- Nyx PDF Classifier malicious score 0.9768
Heuristics 1
- PHP webshell / backdoor source (high, WEBSHELL_PHP): The file contains PHP server-side code with the signature of a webshell/backdoor (request input fed to a command/code-exec sink). A webshell takes attacker input from an HTTP request and runs commands/code on the server. Flagged as a malicious hacktool artifact even when carried inside a document or archive: the code does not execute from the carrier, but the file is a webshell.