Malicious PDF — malware analysis report

Static analysis result for SHA-256 b1a337d1dd240c49…

Verdict: MALICIOUS
File type: PDF
Size: 1.2 KB
MD5: f41d2347eb3d5e83c350643297ab8724
SHA-1: 50cf042643615742250c6d85b28a536d694bf2b8
SHA-256: b1a337d1dd240c496cb6f44b5ed30e3e40bd6ada5acf13a4764c0642e4e08de5
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF was flagged as malicious by an ML classifier and contains both embedded JavaScript and RichMedia (Flash) content, which together indicate a likely exploit attempt. The presence of an embedded file further suggests that the document is a delivery mechanism for a secondary payload rather than the payload itself. The document body does not point to a specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • RichMedia (Flash) [high] PDF_RICHMEDIA
    PDF contains /RichMedia (Adobe Flash), which is a historic exploit vector.
  • JavaScript action [low] PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded file [low] PDF_EMBEDDED
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
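The following Python script is an added illustration of the kind of name-token scan that produces the four heuristics above; it is not the analysis tool behind this report and the two PDF byte strings in it are constructed for the example, not the analysed sample. It tokenises PDF name objects, resolves #xx hex escapes so that an obfuscated /Java#53cript still counts as /JavaScript, and emits findings using the report's rule IDs and severities (the rule table and the hash output mirror the report; the scoring logic is the example's own). It also flags a limitation of any raw byte scan: names inside compressed object streams are invisible until the streams are inflated.

```python
"""Minimal static triage for the PDF indicators listed in the report.

Example code for this page; not the tool that produced the report. The PDFs
below are constructed for illustration and are not real malware samples.
"""
import hashlib
import re

# A PDF name is '/' followed by regular characters; NUL, whitespace and the
# delimiters ( ) < > [ ] { } / % end it. '#xx' inside a name is a hex escape,
# so /Java#53cript and /JavaScript are the same name to a conforming parser,
# and a scanner matching raw bytes would miss the escaped form.
# (Slashes inside string literals are matched too; acceptable for triage.)
NAME_RE = re.compile(rb"/([^\x00\s()<>\[\]{}/%]*)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Rule table mirroring the report's heuristics: (rule id, severity, triggering names, note).
RULES = [
    ("PDF_RICHMEDIA", "high", ("RichMedia",), "/RichMedia (Adobe Flash), a historic exploit vector"),
    ("PDF_JAVASCRIPT", "low", ("JavaScript",), "/JavaScript action"),
    ("PDF_JS", "low", ("JS",), "/JS stream"),
    ("PDF_EMBEDDED", "low", ("EmbeddedFile", "EmbeddedFiles"), "embedded file attachment"),
]

# Constructed sample: carries all four indicators, one of them hex-escaped.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R /Names << /EmbeddedFiles 5 0 R >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [6 0 R] >> endobj
4 0 obj << /S /Java#53cript /JS 7 0 R >> endobj
5 0 obj << /Names [(payload.bin) 8 0 R] >> endobj
6 0 obj << /Type /Annot /Subtype /RichMedia >> endobj
7 0 obj << /Length 25 >> stream
app.alert("hello world");
endstream endobj
8 0 obj << /Type /Filespec /F (payload.bin) /EF << /F 10 0 R >> >> endobj
10 0 obj << /Type /EmbeddedFile /Length 4 >> stream
MZ\x90\x00
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign control: a one-page document with none of the indicators.
BENIGN_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes in a PDF name token and return it as text."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def extract_names(data: bytes) -> dict:
    """Count every name object in the raw file, after escape normalisation."""
    counts = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name:
            counts[name] = counts.get(name, 0) + 1
    return counts


def scan(data: bytes) -> dict:
    """Apply the rule table; return findings, file hashes and a visibility caveat."""
    names = extract_names(data)
    findings = []
    for rule_id, severity, triggers, note in RULES:
        hits = sum(names.get(t, 0) for t in triggers)
        if hits:
            findings.append({"rule": rule_id, "severity": severity, "hits": hits, "note": note})
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "findings": findings,
        # A raw byte scan cannot see names stored inside compressed object
        # streams (/ObjStm, usually /FlateDecode). When they are present, a
        # clean result is not trustworthy until the streams are inflated.
        "has_object_streams": names.get("ObjStm", 0) > 0,
    }


if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_PDF), ("benign", BENIGN_PDF)):
        result = scan(blob)
        print(f"{label}: sha256={result['sha256']} object_streams={result['has_object_streams']}")
        for f in result["findings"]:
            print(f"  {f['rule']:15} {f['severity']:4} x{f['hits']}  {f['note']}")
```

Run against a real file by passing its bytes to scan(); the PDF_EMBEDDED rule counts both the /EmbeddedFiles name tree entry and each /EmbeddedFile stream, so its hit count is an upper bound on the number of attachments rather than an exact count.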