PDF malware analysis — malicious · b3a5e7d9cc5c9407

MALICIOUS

PDF

27.7 KB

MD5: 404646b0adee1a7767ea62aa607056e7 SHA-1: 7f7c9c376ceee0fb8bec5a25f87d57d3c13c745f SHA-256: b3a5e7d9cc5c94076afb24197aa3e2b4f35bc1ab8a6380b56d472b393ce333a9

134 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 Service Execution: JavaScript

The PDF contains embedded JavaScript and utilizes ASCIIHexDecode and ASCII85Decode filters, which are commonly used to obfuscate malicious code. A machine learning classifier strongly flagged this PDF as malicious, and correlated signals confirm the presence of malicious JavaScript. The primary attack vector appears to be exploiting vulnerabilities within the PDF reader via these embedded scripts.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 5

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.