PDF malware analysis — malicious · 343a42225de43037

MALICIOUS

PDF

18.2 KB

MD5: 8635af02b56de971002207da141f2986 SHA-1: b225f35c96697c79fd75d6e317daaac1cf265bc6 SHA-256: 343a42225de43037afe2c477feca689e9b98f338dd4ecf0954828f61497f53fd

108 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains embedded JavaScript and uses an OpenAction trigger, indicating an attempt to execute code upon opening. The presence of ASCIIHexDecode filter with exploit indicators further supports this. The ML classifier strongly flags this PDF as malicious, suggesting it's designed to deliver a malicious payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 5

OpenAction trigger high PDF_OPENACTION

PDF has an /OpenAction that launches, submits, or opens an external target
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.

Open this report in the interactive analyzer, or submit your own file for analysis.