MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File
This PDF file contains embedded JavaScript and U3D content, which is a known indicator for exploits targeting Adobe Reader's 3D parsing functionality (CVE-family). The ML classifier and ClamAV heuristic firings strongly suggest malicious intent. The embedded JavaScript is likely responsible for executing the exploit and delivering a secondary payload, although its exact function is obfuscated.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 6
-
U3D/3D content in PDF — Adobe Reader 3D parser CVE-family indicator high PDF_U3D_CVE_RELATEDPDF contains U3D (Universal 3D) or 3D annotation content — CVE-2011-2462 and CVE-2009-3953 are critical vulnerabilities in Adobe Reader's U3D processing that allow arbitrary code execution. U3D content in PDFs is extremely rare in normal documents.
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEXHex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
-
JavaScript action low PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation
Open this report in the interactive analyzer, or submit your own file for analysis.