Malicious PDF — malware analysis report

Static analysis result for SHA-256 4ad91eaa5b990639…

Verdict: MALICIOUS
File type: PDF
Size: 38.1 KB
MD5: e42c9de21ab38e809962d305724a9f66
SHA-1: dea9641db38d34da4959bd118327eb5f9938656d
SHA-256: 4ad91eaa5b990639643595d53ca2d737a5041ab6c285a87da007c89ad5701e0f
Risk Score: 86

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF contains embedded JavaScript that utilizes an eval() call, strongly indicating malicious intent. The ML classifier also flagged this PDF with high confidence. The primary function of the script appears to be the execution of arbitrary code, likely to download and execute a secondary payload. No specific family could be identified, but the techniques used are common for initial access and payload delivery.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3 matched)

  • eval() call [high] PDF_EVAL
    eval() found — commonly used for obfuscated exploit execution (matched inside decoded stream)
  • JavaScript action [low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0032_000.js
SHA-256: 0691f84683a415684e6edee102ea4769e4fbf7749f0e783008edbad6e6829eef
Kind: pdf-javascript-stream
Source: PDF /JS object 32 at offset 0x2CA
Size: 3324037 bytes