MALICIOUS
Risk Score: 84
Machine Learning
- Nyx PDF Classifier clean score 0.0130
Heuristics 4
- Hex-obfuscated structural name object (high, PDF_OBFUSCATED_NAME_OBJECT): A structurally-dangerous PDF name (e.g. /OpenAction, /Launch, /AA, /EmbeddedFile, /SubmitForm) is written with #XX hex escapes to evade string-based scanners. Legitimate producers write these names literally; hex-encoding them is a deliberate obfuscation technique.
- Remote GoTo action (high, PDF_GOTO_REMOTE): PDF references an external document via GoToR/GoToE whose target is a URL, UNC path, or executable.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://github.com/jonaslejon/malicious-pdf (in PDF document text)
  - http://d8kk14rdnf23c5o3rgjgwuudhqo3ng6kb.oast.me (in PDF document text)