Malicious PDF — malware analysis report

Static analysis result for SHA-256 12308b86026c48f4…

Verdict: MALICIOUS
File type: PDF
Size: 3.8 KB
MD5: f8c557ff87b563a2fad4987d0b45eefc
SHA-1: 22f5c6ed2ec313df5d0f3515f4ac2fdae388421e
SHA-256: 12308b86026c48f4af5ec19477eed3f63c0d6c4cfbc836b69df3544ff0a67546
Risk score: 86

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1203 Exploitation for Client Execution
  • T1059.007 Command and Scripting Interpreter: JavaScript

The sample is a malformed PDF. The PDF_MALFORMED_NO_OBJECT_GRAPH heuristic reports a %PDF header with no indirect objects, no cross-reference table or stream and no startxref pointer, so no conforming reader can render it as a document; that shape is consistent with a parser fuzzing or evasion case, or with a broken exploit test case, rather than with benign content. The file also carries a /JavaScript action and a /JS stream reference, the usual vehicle for client-side code execution in PDF exploits (T1203, T1059.007). Two caveats for the analyst: because the file has no object graph, those keywords are found by string matching and there is no object a reader could dispatch them from, so the JavaScript rules fire at low severity and the verdict rests mainly on the malformation and the ML result; and the T1566.001 mapping reflects the usual delivery path for a malicious PDF attachment, since a static file analysis cannot observe delivery. The Nyx PDF classifier scores the file 1.0000 malicious, which, together with the heuristics, gives a risk score of 86 and the MALICIOUS verdict.

Machine Learning

  • Nyx PDF Classifier: malicious, score 1.0000

Heuristics (3)

  • Malformed PDF header with no object graph (severity: high, rule PDF_MALFORMED_NO_OBJECT_GRAPH)
    File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
  • JavaScript action (severity: low, rule PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.