Malicious PDF — malware analysis report

Static analysis result for SHA-256 997efbc8cb25d985…

MALICIOUS

PDF

11.4 KB Created: 2010-02-16 19:41:09
MD5: 4b473887c367498840c81f4ec6f8eee1 SHA-1: 40237ced204222c9760a72c72455025741301fec SHA-256: 997efbc8cb25d985474b98026a0d83cd59de14eed04170932b50ca1b2c770a6f
106 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The file is a PDF document flagged as malicious by multiple heuristics, including a critical signal for correlated malicious JavaScript. The presence of embedded JavaScript streams indicates an attempt to execute code. While the specific JavaScript content is truncated and obfuscated, its presence strongly suggests an intent to exploit vulnerabilities or download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS
    PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.