PDF malware analysis — malicious · 12e1be082e039cc9

MALICIOUS

PDF

5.4 KB

MD5: 80a760f46287e7f75674afe0ee800458 SHA-1: 91536c7e9ea54192a08fd8af0664f557b88bd8ef SHA-256: 12e1be082e039cc9e89362f84d6f412cfaa949ac7c5524f35ac7db6e31f484e0

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript and uses obfuscation filters (ASCIIHexDecode, ASCII85Decode) which are common techniques for hiding malicious code. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded JavaScript is likely responsible for downloading and executing a secondary payload, a common attack pattern for malicious PDFs.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.