PDF malware analysis — malicious · 4cb7b709e83e2b13

MALICIOUS

PDF

5.5 KB

MD5: 6e37c158bfecac845b96f3c574439b47 SHA-1: b22f265c0fcb0d9894834b30bc863b43d10ea7c6 SHA-256: 4cb7b709e83e2b1325ecb704cf7bfc11b2095b5111125966026959a7c29c61aa

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript T1559.001 Component Object Model Hijacking

The PDF was flagged by a machine learning classifier and exhibits multiple heuristic indicators of maliciousness, including embedded JavaScript and the use of ASCIIHexDecode filters, which are often used in exploit delivery. The embedded JavaScript is the primary mechanism for exploitation, likely leading to the download and execution of a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 5

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.