PDF malware analysis — malicious · 65f7d881f6351940

MALICIOUS

PDF

4.8 KB Created: 2010-06-16 08:34:22 Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)

MD5: e88ba29b176539628674ce4b8ebe7cd3 SHA-1: 273f47d48f2a19b7d0a77ceb5a3d1b8bf6c17308 SHA-256: 65f7d881f635194084da444235e769c24b549ded422792fea437704dfd2692ce

138 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF sample contains JavaScript with an eval() call, indicating an attempt to execute arbitrary code. The PDF JavaScript exploit cluster heuristic firing further supports this. The ML classifier also strongly flagged this PDF as malicious. The exact nature of the exploit and payload could not be determined due to obfuscation.

Machine Learning

Nyx PDF Classifier malicious score 0.9997

Heuristics 3

PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.