PDF malware analysis — malicious · 1e8347aede3d2740

MALICIOUS

PDF

3.6 KB Created: ]±3ðÈ3=¾é°Ä Authoring application: 7ñj¢ZBÑ0$¥ï¨Á (via 7ñj¢ZBÑQNå«ïÛÕú^OCb³Öµl4)

MD5: 14901c56b943eb8c79b81336af019fff SHA-1: 9fd3132ef592961c87069c667fc1e284c1ea2d9a SHA-256: 1e8347aede3d2740de538e13cd459889f580f7cac703d44f3980a7484baa81e8

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

This PDF sample was flagged as malicious by an ML classifier with high confidence. It contains embedded JavaScript, which is used to encrypt the document's content and hide the payload from static analysis. The presence of JavaScript actions and encrypted objects indicates an attempt to obfuscate malicious content, likely for delivery of a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Encrypted PDF carries /OpenAction — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.