Malicious PDF — malware analysis report

Static analysis result for SHA-256 7b331923d53e26fd…

Verdict: MALICIOUS

File type: PDF

Size: 3.8 KB

MD5: a3e7fc282f80d3a8b1ed14f16df76bb8
SHA-1: 0bfaf1734828f9b9457eda21ccf0cb0073c342f3
SHA-256: 7b331923d53e26fda9688623bdfbb340d9f37a304b6e5012cde06515f8a7eaf1

Risk Score: 86

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF exhibits malformed structure and contains embedded JavaScript, strongly indicating malicious intent. The ML classifier's high confidence score further supports this. The malformed nature suggests an attempt to evade standard PDF parsing and analysis.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Malformed PDF header with no object graph (severity: high, rule: PDF_MALFORMED_NO_OBJECT_GRAPH)
    File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.