Malicious PDF — malware analysis report

Static analysis result for SHA-256 49fd7389f7ff61d6…

Verdict: MALICIOUS
File type: PDF
Size: 3.8 KB
MD5: b91112e2c20ea7ff754a1909237fd4a6
SHA-1: c26220d8cdfdbd8e8e6ad38780be5367294d347a
SHA-256: 49fd7389f7ff61d600214f4e9bf8560564c3ef0479627ff1c31477152aff00c0
Risk Score: 86

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The sample is a malformed PDF with a high ML classifier score, indicating malicious intent. It contains embedded JavaScript, suggesting an attempt to execute malicious code within a PDF reader. The malformed nature and lack of a standard object graph point towards an exploit or evasion technique rather than legitimate document content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Malformed PDF header with no object graph (severity: high, rule: PDF_MALFORMED_NO_OBJECT_GRAPH)
    File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.