Malicious PDF — malware analysis report

Static analysis result for SHA-256 a6caad3a2f253f5c…

MALICIOUS

PDF

592 B
MD5: f9029d36bcd58058db09cb120504b822
SHA-1: f9f304a0a2af8b100861a4965d237b59e938c0d4
SHA-256: a6caad3a2f253f5c5704477696f4500ba1cee08e0427b64a59b59ef9c1cae57a
Risk Score: 86

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 Malicious Link: Malicious File

The PDF contains embedded JavaScript, which is further obfuscated by an eval() call. This indicates an attempt to execute malicious code upon opening the document, likely to download and run a second-stage payload. The ML classifier strongly supports the malicious nature of this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • eval() call (severity: high, rule: PDF_EVAL)
    eval() found — commonly used for obfuscated exploit execution (matched inside decoded stream)
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.