PDF malware analysis — malicious · 7efe7f84e9f48f68

MALICIOUS

PDF

3.8 KB

MD5: 4ed0683de8bd8629cc6b6b565badf113 SHA-1: fbb8a72d798de98256237c95ef03ceefa8874831 SHA-256: 7efe7f84e9f48f68f8705c0f143f2a6406f8f9ce680b052195525f99fde2be17

146 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious Link

The PDF exhibits multiple high-severity heuristic firings indicating it is malformed and contains malicious JavaScript. The ML classifier strongly flags it as malicious, and the correlation of PDF-specific JavaScript signals further supports this. The malformed nature suggests an attempt at evasion or exploitation rather than legitimate document content.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
Malformed PDF header with no object graph high PDF_MALFORMED_NO_OBJECT_GRAPH

File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.