PDF malware analysis — malicious · 7679df572b2fb57c

MALICIOUS

PDF

5.0 KB Created: 2010-06-16 08:34:22 Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)

MD5: 9b61eed2b9e4c1f9f09ecbf926b7aa20 SHA-1: f02d794ed5128abe54180aa5bbd1a6e6339c3b86 SHA-256: 7679df572b2fb57cefe3a70dc857b5e70817280ebbd0aceba63c5b1a2a6d5558

138 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution

The PDF file contains JavaScript code that triggers an exploit, as indicated by the PDF_JAVASCRIPT, PDF_EVAL, and PDF_JS_EXPLOIT_CLUSTER heuristics. The ML classifier also strongly suggests maliciousness. The JavaScript appears to be obfuscated and attempts to execute a payload, but the exact nature of the payload and its destination could not be determined from the provided evidence.

Machine Learning

Nyx PDF Classifier malicious score 0.9997

Heuristics 3

PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER

PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.