Malicious PDF — malware analysis report

Static analysis result for SHA-256 074dbe18baf7f98a…

Verdict: MALICIOUS
File type: PDF
Size: 4.8 KB
Created: 2010-06-16 08:34:22
Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)
MD5: 705f69eac47b2e6b2effeb815ea42dd7
SHA-1: 6ce6162e16b6c22d1fee2fb2096fcbb007a0350c
SHA-256: 074dbe18baf7f98a895bea61a2c29e8780b3fede74a59d5fd3dd8329c3cf5e65
Risk score: 138

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Phishing: Spearphishing Attachment

The sample carries a /JavaScript action whose script calls eval(). Benign form scripts have no need for eval(); exploit PDFs use it to unpack obfuscated code at runtime, which is why the eval() finding correlates with the exploit-staging cluster rule below. The ML classifier independently scores the file as malicious with very high confidence (0.9997). The script's role is consistent with staging a client-side exploit (T1203) or fetching a second-stage payload, but no URL, shellcode or secondary payload was recovered from the static evidence, so that part is an inference rather than an observed behavior; deobfuscating the script or detonating the file in a sandbox would be needed to confirm it.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (3 rules matched)

  • PDF_JS_EXPLOIT_CLUSTER (critical): PDF JavaScript exploit cluster
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript on its own remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • PDF_EVAL (high): eval() call
    eval() found; commonly used to execute obfuscated exploit code at runtime.
  • PDF_JAVASCRIPT (low): JavaScript action
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
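As an added example (not the report's own scanner code, nor anything extracted from this sample), the following Python re-implements the three heuristic tiers above together with the reasoning in Malware Insights: it inflates FlateDecode streams and decodes #XX name escapes before matching, so an eval() hidden inside a compressed object or a /Java#53cript name still counts, and it scores a constructed exploit PDF against a constructed benign form PDF so the low-vs-critical distinction is visible. The rule weights, verdict thresholds, the build_pdf() helper and the sample PDFs are assumptions made for illustration.

```python
"""Static triage of a PDF's JavaScript surface.

Added example, not code from the original report or from the scanner that
produced it. It re-implements the report's three heuristic tiers:

  PDF_JAVASCRIPT          low       a /JavaScript or /JS action exists
  PDF_EVAL                high      eval( appears in script content
  PDF_JS_EXPLOIT_CLUSTER  critical  JS surface plus a staging indicator
                                    (eval / unescape / String.fromCharCode / XFA)

Rule weights, verdict thresholds and the sample PDFs are assumptions
constructed for this example.
"""
import re
import zlib

# Rule id -> (severity, assumed weight). Weights are illustrative, not the report's.
RULES = {
    "PDF_JAVASCRIPT": ("low", 10),
    "PDF_EVAL": ("high", 40),
    "PDF_JS_EXPLOIT_CLUSTER": ("critical", 80),
}
SEVERITY_RANK = {"low": 1, "high": 2, "critical": 3}
VERDICTS = {0: "CLEAN", 1: "LOW", 2: "SUSPICIOUS", 3: "MALICIOUS"}

# (?<!end) keeps "endstream" from being mistaken for the start of a stream.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
NAME_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")  # /Java#53cript -> /JavaScript
STAGING_RE = re.compile(rb"\b(eval|unescape|String\.fromCharCode)\s*\(")


def _normalize(data: bytes) -> bytes:
    """Decode #XX escapes in PDF names and append every FlateDecode stream
    inflated, so keywords hidden by name-encoding or compression are visible."""
    parts = [NAME_HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)]
    for m in STREAM_RE.finditer(data):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # raw or corrupt stream: its bytes are already in parts[0]
    return b"\n".join(parts)


def scan_pdf(data: bytes) -> dict:
    """Apply the three rules; return rules hit, staging APIs seen, score, verdict."""
    text = _normalize(data)
    has_js = re.search(rb"/(JavaScript|JS)\b", text) is not None
    has_xfa = b"/XFA" in text
    staging = sorted({m.group(1).decode() for m in STAGING_RE.finditer(text)})

    hits = []
    if has_js:
        hits.append("PDF_JAVASCRIPT")
    if "eval" in staging:
        hits.append("PDF_EVAL")
    if has_js and (staging or has_xfa):  # the correlated cluster rule
        hits.append("PDF_JS_EXPLOIT_CLUSTER")

    score = sum(RULES[r][1] for r in hits)
    worst = max((SEVERITY_RANK[RULES[r][0]] for r in hits), default=0)
    return {"rules": hits, "staging": staging, "score": score, "verdict": VERDICTS[worst]}


def build_pdf(js: bytes, compress: bool = True, obfuscate: bool = False) -> bytes:
    """Build a minimal PDF whose /OpenAction runs `js` (constructed test input;
    the xref table is omitted because the scanner does not need it)."""
    action, key = (b"/Java#53cript", b"/J#53") if obfuscate else (b"/JavaScript", b"/JS")
    body = zlib.compress(js) if compress else js
    filt = b" /Filter /FlateDecode" if compress else b""
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /S " + action + b" " + key + b" 4 0 R >> endobj\n"
        b"4 0 obj << /Length " + str(len(body)).encode() + filt + b" >>\n"
        b"stream\n" + body + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


# Constructed samples (assumptions, not the report's file).
EXPLOIT_JS = (b'var sc = unescape("%u9090%u9090");'
              b'eval(String.fromCharCode(118, 97, 114, 32, 120, 61, 49, 59));')
FORM_JS = b'this.getField("total").value = this.getField("qty").value * 9.99;'

MALICIOUS_PDF = build_pdf(EXPLOIT_JS)                       # eval inside a deflated stream
BENIGN_FORM_PDF = build_pdf(FORM_JS)                        # /JavaScript only -> low
OBFUSCATED_NAME_PDF = build_pdf(EXPLOIT_JS, obfuscate=True)  # /Java#53cript, /J#53

if __name__ == "__main__":
    for label, pdf in [("exploit", MALICIOUS_PDF), ("form", BENIGN_FORM_PDF),
                       ("obfuscated", OBFUSCATED_NAME_PDF)]:
        print(label, scan_pdf(pdf))
```

The benign form still trips PDF_JAVASCRIPT, which is the point of the low tier: the verdict only climbs to MALICIOUS when the JavaScript surface co-occurs with a staging API. Real scanners additionally need to follow object streams (/ObjStm), /AA and /OpenAction references and the other stream filters, which this example leaves out.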