PDF malware analysis — malicious · 08c85083d6b310e1

MALICIOUS

PDF

29.2 KB

MD5: 3a17fd77f5735d96e4bbbda079ec65ec SHA-1: 6631f710ecf69594914b5cde7d483b4dcb4beec4 SHA-256: 08c85083d6b310e19f92a4262ef50485456cce54026d0d40ed9937ee8316e862

74 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The PDF file contains embedded JavaScript, which is heavily obfuscated using ASCIIHexDecode and ASCII85Decode filters. The ML classifier strongly indicates maliciousness. The JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for initial compromise.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.