Malicious PDF — malware analysis report

Static analysis result for SHA-256 733eb0e12aa4e15a…

Verdict: MALICIOUS

File type: PDF

Size: 28.1 KB

MD5: ffc1444940f481d964080714944858bb
SHA-1: e21a6761ad7aa6054e9b83e3f09d356e314299e5
SHA-256: 733eb0e12aa4e15ab76391648d83de087ff933bbe8ebc4f8e6e31da839abc639

Risk Score: 74

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1566.001 Spearphishing Attachment

The PDF file was flagged as malicious by an ML classifier with high confidence. Static analysis revealed embedded JavaScript and the use of PDF filters (ASCIIHexDecode, ASCII85Decode) often associated with obfuscation and exploit delivery. The JavaScript is likely responsible for downloading and executing a second-stage payload, a common technique for initial compromise via spearphishing attachments.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • ASCIIHexDecode filter (with exploit indicators) [medium] PDF_FILTER_HEX
    Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes.
  • JavaScript action [low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • ASCII85Decode filter (with exploit indicators) [low] PDF_FILTER_85
    ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation.