Malicious PDF — malware analysis report

Static analysis result for SHA-256 497a393fc39af05b…

MALICIOUS

PDF

3.8 KB
MD5: a7d75a55da421cebaeb831cbe6b6df61 SHA-1: 292b988b72c13d716376130a92a4100560b3456f SHA-256: 497a393fc39af05b42bf56fe833877f94fc04b7d452fc1740e242a303ce1cc1a
86 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious File

The PDF exhibits malformed structure, lacking a standard object graph, which is a strong indicator of evasion or exploit attempts rather than legitimate content. The presence of JavaScript actions and embedded JS streams further suggests malicious intent, likely to deliver a second-stage payload. The ML classifier strongly supports a malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Malformed PDF header with no object graph high PDF_MALFORMED_NO_OBJECT_GRAPH
    File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.