PDF malware analysis — malicious · 2b6cd3f45116e80f

MALICIOUS

PDF

24.2 KB

MD5: b1df607a974c381e5336017353c540fc SHA-1: 13e3380e3f831ad3eff0fdbfa3ab6e5bc6af7c66 SHA-256: 2b6cd3f45116e80f4ed1023d6048c9c310f0014f2ffc10c3530938db14151594

74 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF contains embedded JavaScript and utilizes encoding filters (ASCIIHexDecode, ASCII85Decode) often associated with exploit delivery. The ML classifier strongly indicates malicious intent, likely to execute a second-stage payload via the JavaScript.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.