Malicious PDF — malware analysis report

Static analysis result for SHA-256 37d209e42fb7e950…

Verdict: MALICIOUS
File type: PDF
Size: 132.9 KB
MD5: 1ba96d7c303e3745e1f533ea6e730def
SHA-1: 141c1b722434bd498a7ac5dd5918821c82fc8318
SHA-256: 37d209e42fb7e950271badf32cecdd1e1b3d04ec0e4a3631988570f8c26382ac
Risk Score: 60

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF was flagged as malicious by an ML classifier and contains a remote GoTo action, indicating an attempt to redirect the user. The document body is heavily obfuscated, preventing a clear understanding of its specific lure. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier: malicious, score 0.8777

Heuristics (3)

  • Remote GoTo action [medium] PDF_GOTO_REMOTE
    PDF references a remote or embedded document via GoToR/GoToE with an extension-less or unresolved target.
  • Embedded file [low] PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload.
  • Encrypted PDF (string and stream contents are opaque to static scan) [info] PDF_ENCRYPTED
    PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.