Malicious PDF — malware analysis report

Static analysis result for SHA-256 4477cfe730158b9a…

MALICIOUS

PDF

Size: 5.0 KB
Created: [unreadable metadata]
Authoring application: [unreadable metadata] (via [unreadable metadata])
MD5: 47b9f7e7704fe9b9bbe49b29389bc22e
SHA-1: df9c9346aad494793b86ef494ed667910f98268b
SHA-256: 4477cfe730158b9a7cb8c042d17a22bb6870826fbe92c3951e785431fe49123d
Risk score: 86

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

This PDF file was flagged as malicious by an ML classifier and triggers high-confidence heuristics for JavaScript-based obfuscation and encryption. The PDF_ENCRYPTED_WITH_JS match indicates that the document's content is hidden by encryption and is likely executed via JavaScript, a common technique for delivering second-stage payloads. No document body text was available for analysis, but the heuristics strongly suggest malicious intent tied to JavaScript execution.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Encrypted PDF carries /OpenAction — payload hidden from static analysis [severity: high, rule: PDF_ENCRYPTED_WITH_JS]
    PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.