Malicious PDF — malware analysis report

Static analysis result for SHA-256 a002e8814b3401e8…

Verdict: MALICIOUS
File type: PDF
Size: 4.9 KB
MD5: 8ac6ded6622d2599a93027a1d79c9e05
SHA-1: cf9da7b193bff43929c4b45cdc2a9a781f6ad5cd
SHA-256: a002e8814b3401e81788425b51970c16efbf77c28554a7aa93b8e2d87cd3751a
Risk Score: 86

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file was flagged as malicious by an ML classifier and contains an eval() call, which indicates execution of arbitrary code. Embedded files and XFA forms are both techniques commonly used in malicious PDFs. The JavaScript embedded in the document likely attempts to exploit vulnerabilities or download further malicious content.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9989

Heuristics (4)

  • eval() call (severity: high, rule PDF_EVAL)
    eval() found — commonly used for obfuscated exploit execution
  • Embedded file (severity: low, rule PDF_EMBEDDED)
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form (severity: low, rule PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL (severity: info, rule EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xci/1.0/
    • http://www.xfa.org/schema/xfa-template/2.5/