PDF malware analysis — malicious · 31b7cd78d0166048

MALICIOUS

PDF

254.5 KB Created: 2010-11-29 10:29:36 Authoring application: FPDF 1.6

MD5: 0d355b759d2e6d76bcf033c28e34c695 SHA-1: 861358e544794af4a056b5abd32462622679542d SHA-256: 31b7cd78d01660481098f76dc201afe139138325daed4fce6e9e2b6dbc1699d8

74 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains embedded JavaScript and utilizes ASCIIHexDecode filters, indicating an attempt to obfuscate malicious code. The ML classifier strongly flagged this PDF as malicious. While the specific intent of the JavaScript is not fully discernible due to truncation and potential obfuscation, its presence alongside exploit indicators suggests it's designed to download and execute a secondary payload or exploit a vulnerability. The document body is unreadable, providing no further context.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 5

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://ns.adobe.com/xdp/
- http://www.xfa.org/schema/xci/2.6/
- http://www.xfa.org/schema/xfa-template/2.6/

Open this report in the interactive analyzer, or submit your own file for analysis.