PDF malware analysis — malicious · 5a58faffd78488f0

MALICIOUS

PDF

4.7 KB Created: 2010-06-16 08:34:22 Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)

MD5: a5da2080f20ddbce1e9cee13ed08d4f3 SHA-1: d519bb0ee8c55c6866cbbe65588fa13ffb723f38 SHA-256: 5a58faffd78488f0abdf2ed998a55e179d7125f756a86a0def505f45aaaa59e9

138 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF file contains JavaScript that triggers an exploit, indicated by the PDF_JAVASCRIPT, PDF_EVAL, and PDF_JS_EXPLOIT_CLUSTER heuristics. The ML classifier also strongly suggests maliciousness. The JavaScript likely attempts to execute arbitrary code, which is a common technique for delivering further malicious payloads.

Machine Learning

Nyx PDF Classifier malicious score 0.9997

Heuristics 3

PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.