PDF malware analysis — malicious · 243e06ce424afe19

MALICIOUS

PDF

1.9 KB Authoring application: Xeholjre (via Rauejapopotepda)

MD5: 9b5e6370fe9d972e31164d5d8f99f90d SHA-1: 91f0b01f5ba73e2e75213541e6edac4f6716c2c8 SHA-256: 243e06ce424afe191833806c1e5ea8f18e0cbcfbba086eb74f8e2419400f7aa9

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/Shell

The PDF file was flagged as malicious by a machine learning classifier and exhibits multiple JavaScript-related heuristics. The embedded JavaScript stream is the primary indicator of malicious activity, likely serving as a downloader or initial execution vector for further malicious payloads. The document body contains obfuscated text that does not provide clear user-facing content, further supporting a malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.