PDF malware analysis — malicious · 2cf456cb84f5a4bb

MALICIOUS

PDF

7.3 KB Created: 2009-07-13 19:22:54 Authoring application: jwnp (via CNO)

MD5: 9e473a10e40e440ff2ce80e5391a4b92 SHA-1: 9cfc0ed120098f829f8f63900450d86ff39c314d SHA-256: 2cf456cb84f5a4bbee82bede320095f23bbecf6862591c4073f53d8d55dee442

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/Shell

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. The ML classifier also flagged it as malicious with high confidence. The JavaScript is likely intended to exploit a vulnerability within the PDF viewer to execute arbitrary code. The authoring application 'jwnp' is included as a potential indicator.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.