PDF malware analysis — malicious · 73fb1333b7d05289

MALICIOUS

PDF

29.6 KB

MD5: b4601ef6a4b75f11a0b760d89e2cc95e SHA-1: 3030e3b2cccb67bf9c2e27342909f2f56d9bcde3 SHA-256: 73fb1333b7d0528993e81844e2b13ca9250cab6a7f0ef137fed9befe46454ac2

74 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1059.007 JavaScript

The PDF file contains embedded JavaScript and uses obfuscation filters like ASCIIHexDecode and ASCII85Decode, indicating an attempt to exploit vulnerabilities for code execution. The ML classifier strongly flags this PDF as malicious. No specific family is identifiable from the available evidence.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.