Malicious PDF — malware analysis report

Static analysis result for SHA-256 16f462f3c705be0a…

Verdict: MALICIOUS
File type: PDF
Size: 5.5 KB
MD5: 147e0a652e408ef0003fad9a6ea92561
SHA-1: 933e1c6f3a3162018788ac4926b94b7f8eb8c796
SHA-256: 16f462f3c705be0a82ce4e4d21a47500656230fc16ebc79db7f640b4f8d3fe28
Risk Score: 126

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF contains embedded JavaScript, flagged by multiple heuristics including the ML classifier and a ClamAV signature. The JavaScript is likely responsible for downloading and executing a secondary payload, a common dropper technique. The presence of a /JavaScript action and a /JS stream within the PDF is consistent with exploitation for client execution.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-1828640 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-1828640
  • ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX
    A hex-encoding filter is present alongside exploit-delivery indicators; this combination is often used to hide payload or shellcode bytes.
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.