PDF malware analysis — malicious · 9e1ad1339a6ac10e

MALICIOUS

PDF

1.4 KB

MD5: f40fc1d0cb95db5b540228f5a7a22904 SHA-1: 921a22c44acc5aad918aa697d865514d7f4f3ba9 SHA-256: 9e1ad1339a6ac10e5a8fcb6e06ee47eba40dad688156f01584e4de229a750481

114 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious JavaScript

The PDF sample contains embedded JavaScript with an eval() call, indicating an attempt to execute arbitrary code. The ML classifier strongly suggests malicious intent. The presence of JavaScript actions and streams, along with ASCIIHexDecode filters, points to a common PDF exploitation technique. The script's purpose is likely to download and execute a second-stage payload, although the specific URL or payload is not directly extractable from the provided evidence.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload

Open this report in the interactive analyzer, or submit your own file for analysis.