PDF malware analysis — malicious · 8bd4d8232d58e570

MALICIOUS

PDF

5.5 KB Created: ÐÈÈMHöC³Ã/ªC Authoring application: Ç@EöT°Ù.®A (via Ç@E>Å×QCýÙOn[Jì7)

MD5: 7193b156f144bf9ddd77544dbc22031b SHA-1: 4d2062d3d29fbef0e48244734ac3bb73de9a4018 SHA-256: 8bd4d8232d58e57038157cf9447cfa260dd4cbffa45f346e24dcac42b054ebb4

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

This PDF sample was flagged as malicious by an ML classifier with high confidence. It contains embedded JavaScript, which is used to obfuscate the document's content and likely execute a secondary payload. The PDF is also encrypted and uses an OpenAction, further hiding its malicious intent from static analysis. The specific JavaScript code was too obfuscated to determine its exact function, but its presence in an encrypted PDF strongly suggests a malicious downloader or dropper.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Encrypted PDF carries /OpenAction — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.