PDF malware analysis — malicious · 833afa2ec9422df7

MALICIOUS

PDF

33.8 KB

MD5: fbf2f10dd31c1480384beb7bad27e8b2 SHA-1: f2b8c69e861c414eb4a2db36d74abc6a9de161f5 SHA-256: 833afa2ec9422df7f2df1afbe70973881d5490483d23e02b83ce939b044886eb

74 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF contains embedded JavaScript and utilizes ASCIIHexDecode and ASCII85Decode filters, which are common in exploit-laden documents. The ML classifier strongly indicates maliciousness, suggesting the JavaScript likely attempts to exploit a vulnerability or download a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.