PDF malware analysis — malicious · 1b4027d6c3f53e6a

MALICIOUS

PDF

12.9 KB

MD5: 29e21f295dabec3d4d7ffa8708e278f3 SHA-1: d6d2e73f1465ada46648311b4e36f70b2ff1d09c SHA-256: 1b4027d6c3f53e6a929ecf4acf78d6075a0bb7c28f5835dc7495721862ec8857

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML_NYX_PDF_MALICIOUS and PDF_CORRELATED_MALICIOUS_JS heuristics strongly suggest this JavaScript is malicious. While the exact script functionality is not detailed, its presence and the high confidence ML score point to an attack pattern involving the exploitation of PDF vulnerabilities to run arbitrary code. No specific IOCs were extracted from the document body or scripts.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.