PDF malware analysis — malicious · 7e14edc055a69e3a

MALICIOUS

PDF

25.0 KB Created: 2010-02-23 15:41:05 Authoring application: FPDF 1.6

MD5: c1fa8bd11869121bba216447d822dea8 SHA-1: 1cd1ee03086d8985bfe747f6380242e9f1b91b47 SHA-256: 7e14edc055a69e3ab3f92304ddfae255ddb8af7ded4f34e230e407b393ebcee3

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML_NYX_PDF_MALICIOUS and PDF_CORRELATED_MALICIOUS_JS heuristics confirm the malicious nature of this JavaScript. The script is likely designed to download and execute a second-stage payload, although the specific actions are obscured by the PDF format and potential obfuscation. The document body is unreadable, providing no further context on the lure.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.