PDF malware analysis — malicious · 50f5492830b7b618

MALICIOUS

PDF

7.5 KB Created: 2009-07-13 19:22:54 Authoring application: QfdI3 (via gaFj)

MD5: 8be781a297a50dfd367675c5a14a5b2c SHA-1: d431b3257c2d3abc67fd30ac7a48430a6c032542 SHA-256: 50f5492830b7b61839869ca23a23e77e4d547cd8f6431f95996d7a6e55603567

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF sample contains embedded JavaScript, flagged by multiple heuristics as malicious. The ML classifier and correlated signals strongly indicate malicious intent. The JavaScript action is likely designed to download and execute a second-stage payload, a common technique for initial access.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.