Malicious PDF — malware analysis report

Static analysis result for SHA-256 64bf5f8544b6a976…

Verdict: MALICIOUS
File type: PDF
Size: 31.0 KB
MD5: 2e31fbc988c7c087eb6e60e82eb26f4a
SHA-1: e69b597e7162b02a3324d9a3e3e48a8aeeccb939
SHA-256: 64bf5f8544b6a976dc7e9cf125924a278e076a012649094b1a01c1ca8ec57b61
Risk Score: 74

Malware Insights

MITRE ATT&CK

  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1203 Exploitation for Client Execution

This PDF file was flagged as malicious by a machine learning classifier with high confidence. Static analysis revealed embedded JavaScript streams and actions, indicating an attempt to execute code. The presence of ASCIIHexDecode and ASCII85Decode filters suggests obfuscation techniques commonly used to hide malicious payloads within PDF documents, likely to exploit a client-side vulnerability.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9998

Heuristics (4)

  • ASCIIHexDecode filter (with exploit indicators) [severity: medium, rule: PDF_FILTER_HEX]
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes.
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) [severity: low, rule: PDF_FILTER_85]
    ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation.