Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a29c604289b9e88…

Verdict: MALICIOUS
File type: PDF
Size: 5.1 KB
Created: ‹Ag6¥0uñf4„k (unreadable; the document is encrypted, so its Info dictionary strings are ciphertext)
Authoring application: œ]>dès`ß²p6™n (via œ]>dès`zµÇ~IÞ=Oz|ðÚ4‚VÌê) (unreadable for the same reason)
MD5: db99226a44b7cc10e73f89af5e4bcf82
SHA-1: 0efa4d8cbdf2095db8d26e4aa89006a806ff7811
SHA-256: 3a29c604289b9e888c349352aed90e68b0ed8f2c83f353a78966bb993c216272
Risk Score: 86

Malware Insights

MITRE ATT&CK
T1059.001 JavaScript/JScript

The PDF was flagged as malicious by an ML classifier with high confidence. It contains embedded JavaScript and is encrypted, with the JavaScript action likely used to decrypt and execute the payload. The presence of JavaScript actions and encryption suggests an attempt to obscure malicious content, a common tactic for initial access.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Encrypted PDF carries /OpenAction, payload hidden from static analysis (severity: high, rule: PDF_ENCRYPTED_WITH_JS)
    The PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners; combined with auto-execution indicators, this is a known evasion pattern used to deliver weaponised JavaScript that an analyst cannot inspect without the decryption key.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.