PDF malware analysis — malicious · 4b22b418d47ddbc2

MALICIOUS

PDF

1.4 KB

MD5: b88086fac095c7da85e5ea7b77a87161 SHA-1: 24b6c7436928d0b192b2722128b9764d18add42e SHA-256: 4b22b418d47ddbc24ebc9a7f6af7b05a479a73d585e47e6dddd017a30f738ad6

76 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript and uses ASCIIHexDecode filters, which are common indicators of malicious PDF documents. The ML classifier strongly flagged this file as malicious. The embedded 'CYsoVyap.swf' suggests an attempt to load or execute a Flash-based exploit or payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL

The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.

Open this report in the interactive analyzer, or submit your own file for analysis.