PDF malware analysis — malicious · 64421f1783ec1a96

MALICIOUS

PDF

9.1 KB

MD5: 4669ae31fac6d1fde9caa621e352ad98 SHA-1: bc130e7c2d1c119337efa0dd1b7b5cd3c2012038 SHA-256: 64421f1783ec1a9611fe4b48c2e0a2c354f8eea9bb1010dbc15e96f5c82787be

66 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution

The PDF sample contains embedded JavaScript and uses ASCIIHexDecode filters, indicating an attempt to exploit a vulnerability. The ML classifier strongly suggests malicious intent. The embedded JavaScript is likely designed to execute a malicious payload, contributing to the overall attack.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.