MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1204 Malicious File
T1204.002 Malicious File: User Execution: Malicious PDF
The file is identified as a malicious PDF by ClamAV and a machine learning classifier. High-severity heuristics indicate the presence of U3D/3D content, which is often associated with Adobe Reader 3D parser exploits. Additionally, JavaScript actions and embedded JS streams are present, suggesting potential for further malicious activity. The obfuscated nature of the PDF, indicated by filters like ASCIIHexDecode and ASCII85Decode, further supports its malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (6)
- U3D/3D content in PDF — Adobe Reader 3D parser CVE-family indicator | severity: high | rule: PDF_U3D_CVE_RELATED
  PDF contains U3D (Universal 3D) or 3D annotation content — CVE-2011-2462 and CVE-2009-3953 are critical vulnerabilities in Adobe Reader's U3D processing that allow arbitrary code execution. U3D content in PDFs is extremely rare in normal documents.
- ClamAV: Heuristics.PDF.ObfuscatedNameObject | severity: critical | rule: CLAMAV_DETECTION
  ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
- ASCIIHexDecode filter (with exploit indicators) | severity: medium | rule: PDF_FILTER_HEX
  Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
- JavaScript action | severity: low | rule: PDF_JAVASCRIPT
  PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream | severity: low | rule: PDF_JS
  PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- ASCII85Decode filter (with exploit indicators) | severity: low | rule: PDF_FILTER_85
  ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation