PDF malware analysis — malicious · 2c76fd7b1d85eaf8

MALICIOUS

PDF

5.5 KB

MD5: aca3900c864a5401881ee4524669a896 SHA-1: a1d4bde084eaed240ef0e1c721b7dda491ba0509 SHA-256: 2c76fd7b1d85eaf80e5bd3b070ea2b79c365edcc8390174fbc9e2cda2e717da2

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment T1140 Deobfuscate/Decode Files or Information

The PDF contains embedded JavaScript and utilizes obfuscated filters (ASCIIHexDecode, ASCII85Decode) which are commonly used to hide malicious code. A machine learning classifier and ClamAV detection strongly indicate malicious intent, likely involving the execution of a second-stage payload. The specific attack pattern involves leveraging PDF vulnerabilities to execute arbitrary code.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.