PDF malware analysis — malicious · 6a8204ee7b703f96

MALICIOUS

PDF

5.4 KB

MD5: f989e3107fd0005fe97b2fc20b7c0a6e SHA-1: f50ab35ada91289be8334f30599d487f50743bcb SHA-256: 6a8204ee7b703f96f811f32f903ac9df4045b05910d633fc34fed89e2e0a7576

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution

The PDF file contains obfuscated JavaScript, indicated by multiple heuristic firings related to JavaScript and decoding filters. The ML classifier and ClamAV detection strongly suggest malicious intent, likely involving exploitation of a PDF vulnerability to execute the embedded script. The script's purpose is to execute arbitrary code, as evidenced by the 'Exploitation for Client Execution' technique.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.