Malicious PDF — malware analysis report

Static analysis result for SHA-256 61e9c3ce13223834…

Verdict: MALICIOUS
File type: PDF
Size: 3.8 KB
Risk Score: 86

MD5: a53ed4dd315f72819c5ecf85cc26fe47
SHA-1: bd5463e955dbf936841d968e9b5f5d81fa85f231
SHA-256: 61e9c3ce132238343abde65ba070081d6a48d9f174e85b5c2bc03714dd0016d6

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1203 Exploitation for Client Execution

This PDF exhibits significant structural malformations, including a missing object graph, which strongly suggests it is not a standard document but rather an attempt to exploit vulnerabilities. The presence of JavaScript actions and embedded JS streams further indicates malicious intent, likely to execute an exploit. The ML classifier's high confidence score reinforces the assessment of maliciousness.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • Malformed PDF header with no object graph (severity: high, rule: PDF_MALFORMED_NO_OBJECT_GRAPH)
    File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.