PDF malware analysis — malicious · 10892c36ca69eb82

MALICIOUS

PDF

4.1 KB

MD5: eceb9488b10d2164e97ad0798e139fac SHA-1: a86fbced35b804db1782626d17b3b9a8a883f6af SHA-256: 10892c36ca69eb82a41907a508d4d65e4eb44fdf6a3501fdd612721592f0c7ef

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript and uses obfuscation filters (ASCIIHexDecode, ASCII85Decode) which are commonly used to hide malicious code. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded JavaScript is likely responsible for executing a secondary payload, a common technique for initial compromise.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.