PDF malware analysis — malicious · 80f4a9efe1b30dec

MALICIOUS

PDF

6.7 KB Created: ÌróÔVý¹g&9ÛÕ Authoring application: ÛL2ªËßfVåºq'.ÙÔ (via ÛL2ªËßf7ÏXi9×J_\|+Êá1)

MD5: 3cafd9a55efdad50b135d84030b4d1c4 SHA-1: e6bf53a8d65af7ad1f9541080b526374d23b4a8a SHA-256: 80f4a9efe1b30dece4bb12507549acc2dbaf5855b2a650f2ceedd09daf8f3e35

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF contains embedded JavaScript and is encrypted with JavaScript, indicating an attempt to hide malicious code. The ML classifier strongly suggests malicious intent. The presence of JavaScript actions and embedded JS streams points to the execution of obfuscated code, likely to download and execute a secondary payload. The document body is unreadable, preventing further analysis of its lure.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Encrypted PDF carries /OpenAction — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.