Malicious PDF — malware analysis report

Static analysis result for SHA-256 042247aa61fce559…

Verdict: MALICIOUS
File type: PDF
File size: 27.2 KB
MD5: 5548b7c23b3ab9caabc73eeb0c135fc0
SHA-1: dd78bfb22a01739691f381ce9dc2ab7ff89aefe4
SHA-256: 042247aa61fce55914a1af9b4c361d1b6565676f4fa419dfe7fabd0e697fc802
Risk Score: 74

Malware Insights

MITRE ATT&CK

  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution

The sample is a PDF file flagged as malicious by an ML classifier. Static analysis detected embedded JavaScript and the use of the ASCIIHexDecode and ASCII85Decode filters, which are often used to obfuscate malicious content inside PDFs. The presence of a /JavaScript action together with an embedded /JS stream indicates an attempt to execute code when the document is opened, most likely by exploiting a reader vulnerability to achieve client execution.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (4)

  • ASCIIHexDecode filter (with exploit indicators) [severity: medium, rule: PDF_FILTER_HEX]
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes.
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) [severity: low, rule: PDF_FILTER_85]
    ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation.