PDF malware analysis — malicious · 43115c27f292bbbb

MALICIOUS

PDF

736 B

MD5: 55a68ca5a6a6cb597258a64cb7131176 SHA-1: 3decce559183f21084425d04359b07068e00e940 SHA-256: 43115c27f292bbbb9613b384919331ad8c0659bf035bacb02d0f64e7c7410a28

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. A machine learning classifier also flagged the PDF as highly malicious. The presence of correlated malicious JavaScript signals suggests the script is intended to execute malicious code, likely for further exploitation or payload delivery.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.