PDF malware analysis — malicious · 0f52d2d24a7e77f1

MALICIOUS

PDF

27.2 KB

MD5: f8de956f22d67ac990af31f43a0a86bc SHA-1: f080feb485e7a5976390e1054857869ec3a0be67 SHA-256: 0f52d2d24a7e77f1275b555d0d156018713bf22ca6a7e344065dcb16835d1440

74 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF document contains embedded JavaScript, which is obfuscated using ASCIIHexDecode and ASCII85Decode filters. The ML classifier strongly indicates maliciousness. The JavaScript is likely responsible for downloading and executing a secondary payload, a common technique for initial compromise via spearphishing attachments.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.