Malicious PDF — malware analysis report

Static analysis result for SHA-256 37b6a691a19cdf7e…

Verdict: MALICIOUS
File type: PDF
Size: 5.8 KB
MD5: dc417f7a4d884f3f8cd1224148886f1a
SHA-1: c7d27726e05844ad39b7347f099da3b3d56bb77b
SHA-256: 37b6a691a19cdf7e2ae25b0076dd1c995f5e3ecdefbaa2d2bbdb3ef7d6f39651
Risk score: 106

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF was flagged as malicious by a machine learning classifier with high confidence (Nyx PDF Classifier, score 0.9999). Static analysis found embedded JavaScript, reachable through a /JavaScript action and a /JS stream. JavaScript in a PDF is commonly used to exploit reader vulnerabilities or to stage a second-stage download, but on its own it is a weak indicator, since benign forms use it too, which is why the PDF_JAVASCRIPT and PDF_JS heuristics are each scored low. What carries the verdict is the critical PDF_CORRELATED_MALICIOUS_JS signal: the JavaScript findings are corroborated by the classifier, and together they indicate that the embedded script is the primary mechanism for malicious activity. This is a static result: the report records the JavaScript triggers but does not characterize what the script itself does, so the exploit or payload it may deliver is not established here.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • PDF_CORRELATED_MALICIOUS_JS, severity critical: Correlated malicious PDF JavaScript signals
    PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that would otherwise remain in the suspicious band, because each individual signal is intentionally weighted conservatively.
  • PDF_JAVASCRIPT, severity low: JavaScript action
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF_JS, severity low: Embedded JS stream
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
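The Python script below is an added example, not the analysis engine's code or part of the report. It shows how the low-weight /JavaScript and /JS signals listed above are raised, why PDF name hex escapes and FlateDecode streams have to be normalized first (otherwise /J#53 and a compressed script are missed by a plain byte search), and how a correlation rule promotes those signals to a malicious verdict only when an ML score or a dangerous JavaScript API backs them up. The signal names PDF_JAVASCRIPT, PDF_JS and PDF_CORRELATED_MALICIOUS_JS come from the report; the weights, thresholds, the extra PDF_OPENACTION, PDF_AA and PDF_JS_DANGEROUS_API names, the dangerous-API list and the two embedded PDFs are assumptions constructed for this example and are not the analyzed sample.

```python
import re
import zlib

# Assumed scoring model for this example: each severity has a fixed weight and
# the verdict band is chosen by total score. Two low signals alone (20) stay in
# the suspicious band; a critical correlation signal pushes the file to malicious.
WEIGHTS = {"low": 10, "high": 30, "critical": 60}
SUSPICIOUS_AT, MALICIOUS_AT = 10, 60
ML_CONFIDENT = 0.95  # assumed classifier threshold for corroboration

# Generic JS / auto-action names. \b keeps /JS from matching longer names.
NAME_SIGNALS = [
    (re.compile(rb"/JavaScript\b"), "PDF_JAVASCRIPT", "low"),
    (re.compile(rb"/JS\b"), "PDF_JS", "low"),
    (re.compile(rb"/OpenAction\b"), "PDF_OPENACTION", "low"),  # assumed name
    (re.compile(rb"/AA\b"), "PDF_AA", "low"),                  # assumed name
]
# Assumed list of Acrobat JS APIs that are rare in benign forms.
DANGEROUS_API = re.compile(
    rb"\b(eval|unescape|util\.printf|String\.fromCharCode|app\.launchURL|exportDataObject)\s*\(")
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)endstream", re.DOTALL)

# Constructed minimal PDF: /OpenAction points at a JavaScript action with a
# literal /JS string. Harmless app.alert, used only to exercise the scanner.
SAMPLE_PLAIN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /JavaScript /JS (app.alert('hi');) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed variant: names hex-escaped (/J#61vaScript, /J#53) and the script
# held in a FlateDecode stream, so a raw grep for "/JS" or "eval(" finds nothing.
_js = b"var s = unescape('%u9090%u9090'); eval(s);"
_flate = zlib.compress(_js)
SAMPLE_OBFUSCATED = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /J#53 4 0 R >> endobj\n"
    b"4 0 obj << /Length " + str(len(_flate)).encode()
    + b" /Filter /FlateDecode >> stream\n" + _flate + b"\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name hex escapes (/J#53 -> /JS) so keyword checks see canonical names."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def extract_streams(data: bytes) -> list:
    """Return each stream body, inflated when it is valid zlib data, raw otherwise."""
    out = []
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        d = zlib.decompressobj()  # tolerates the trailing newline before endstream
        try:
            body = d.decompress(raw) + d.flush()
        except zlib.error:
            body = b""
        out.append(body if d.eof else raw)
    return out


def scan_pdf(data: bytes, ml_score: float = 0.0) -> dict:
    """Layer the signals the way the report does: generic names score low; the
    verdict is promoted only when they correlate with ML or a dangerous API."""
    names = normalize_names(data)
    hits = [(sig, sev) for rx, sig, sev in NAME_SIGNALS if rx.search(names)]
    blobs = [names] + extract_streams(data)
    apis = sorted({m.group(1).decode() for b in blobs for m in DANGEROUS_API.finditer(b)})
    if apis:
        hits.append(("PDF_JS_DANGEROUS_API", "high"))
    has_js = any(sig != "PDF_JS_DANGEROUS_API" for sig, _ in hits)
    if has_js and (apis or ml_score >= ML_CONFIDENT):
        hits.append(("PDF_CORRELATED_MALICIOUS_JS", "critical"))
    score = sum(WEIGHTS[sev] for _, sev in hits)
    verdict = ("malicious" if score >= MALICIOUS_AT
               else "suspicious" if score >= SUSPICIOUS_AT else "clean")
    return {"signals": hits, "apis": apis, "score": score, "verdict": verdict}


if __name__ == "__main__":
    print("plain, no ML     :", scan_pdf(SAMPLE_PLAIN))
    print("plain, ML 0.9999 :", scan_pdf(SAMPLE_PLAIN, ml_score=0.9999))
    print("obfuscated       :", scan_pdf(SAMPLE_OBFUSCATED))
```

The plain sample stays in the suspicious band on its own and is promoted only when a confident classifier score is supplied, which mirrors the report's layering; the obfuscated sample is promoted without any ML input because inflating the stream exposes eval and unescape. A real engine would also follow indirect object references and handle other filters (ASCIIHex, LZW, object streams), which this example omits.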