PDF malware analysis — malicious · aae10dd12bda660b

MALICIOUS

PDF

55.4 KB

MD5: 8311f1a296d015be8c37c5f6e0843cc3 SHA-1: 512ef6e63d11dffdb43c08f988747a6d5bee73fa SHA-256: aae10dd12bda660b1d121b1111564812233a2e4bf55a6418dd138735bae3cd4e

74 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious JavaScript

The PDF contains embedded JavaScript and uses filters like ASCIIHexDecode and ASCII85Decode, which are often employed to obfuscate malicious code. The ML classifier strongly indicates malicious intent. The presence of JavaScript actions and streams suggests the PDF is designed to execute code, likely to exploit a vulnerability or download a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.