Verdict: CLEAN
Risk Score: 10
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1566.001 Spearphishing Attachment
The PDF file exhibits suspicious characteristics, including the use of ASCII85Decode filters with exploit indicators. While the document body is heavily obfuscated and contains no readable text, the presence of embedded URLs suggests an attempt to direct the user to external resources. The heuristics indicate a potential for exploit delivery, but without further script analysis or clear textual lures, the exact attack pattern remains uncertain. The benign reputation of the extracted URLs reduces confidence in a direct payload download from those specific links.
Machine Learning
- Nyx PDF Classifier clean score 0.0004
Heuristics 2
- ASCII85Decode filter (with exploit indicators), severity: low, rule: PDF_FILTER_85
  ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation
- Embedded URL, severity: info, rule: EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.come.to/bionrj (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://ns.adobe.com/iX/1.0/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)