Malicious PDF — malware analysis report

Static analysis result for SHA-256 87e9b260faab8762…

MALICIOUS

PDF

4.8 KB Created: 2010-06-16 08:34:22 Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)
MD5: e066f37f0eafe4a85aa0c54d80ce61e1 SHA-1: c89131d685e4a56b5045db906ab3f636990515a3 SHA-256: 87e9b260faab876257b2a37e3e6da593b67aa585c9982d11137bc2632a47806d
138 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution

The PDF file contains JavaScript code that triggers an eval() call, indicating an attempt to execute arbitrary code. This is further supported by the PDF JavaScript exploit cluster heuristic. The ML classifier also flagged the PDF as malicious with high confidence. No specific family could be identified, and no direct IOCs like URLs or hashes were extracted from the provided evidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics 3

  • PDF JavaScript exploit cluster critical PDF_JS_EXPLOIT_CLUSTER
    PDF combines an executable JavaScript/action surface with exploit staging indicators such as eval/unescape/fromCharCode, XFA script content, or a related CVE pattern. Benign form JavaScript remains low-severity, but this correlated cluster is high-confidence malicious behavior.
  • eval() call high PDF_EVAL
    eval() found — commonly used for obfuscated exploit execution
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.