Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b6987318924bc35…

MALICIOUS

PDF

207.1 KB
MD5: 31a5215d834510d0dc26d9971d236a57
SHA-1: b178e14fcc8c2c3f58e4704782e68088570e2b1e
SHA-256: 9b6987318924bc35ac45cef4ad643a1bf102b7f5293571f6cf10e7ddf3c12026
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1553.005 Mark-of-the-Web Bypass
  • T1204.002 Malicious File

The PDF contains an embedded file, indicated by the PDF_EMBEDDED heuristic. Additionally, a remote GoTo action (GoToR/GoToE) suggests an attempt to redirect the user to content outside the document. The ML classifier strongly flagged this PDF as malicious. The document body was unreadable to the static scan because the file declares /Encrypt, but the combination of heuristics points to a malicious PDF designed to deliver a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9782

Heuristics (3)

  • Remote GoTo action medium PDF_GOTO_REMOTE
    PDF references a remote or embedded document via GoToR/GoToE with an extension-less or unresolved target
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTED
    PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.