Malicious PDF — malware analysis report

Static analysis result for SHA-256 bcb9657e742a4d45…

Verdict: MALICIOUS
File type: PDF
Size: 2.8 KB
MD5: 73fb545b8806950d3049a025c89fabb4
SHA-1: 049f0744e68e6fd22ab11ecadc71571da1fb09dc
SHA-256: bcb9657e742a4d45ccc2e5dad8e129e60b9b71fab9d74ece3f916452e0f7d78b
Risk Score: 86

Malware Insights

MITRE ATT&CK

  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The PDF file contains JPXDecode with active content, strongly indicating an attempt to exploit CVE-2018-4990 or a related vulnerability. The ML classifier also flagged this PDF with high confidence. While no specific document body text or scripts were extracted, the presence of embedded files and XFA forms further supports a malicious intent, likely to deliver a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • JPXDecode + active content (JPEG2000 CVE-family indicator) [severity: high; category: CVE related; rule: PDF_JPX_CVE_2018_4990_RELATED]
    PDF uses /JPXDecode (JPEG2000) alongside JavaScript, XFA, or RichMedia indicators. This matches the delivery pattern for Adobe Reader JPEG2000 parser exploit families, including CVE-2018-4990, but does not prove the exact malformed JP2/JPX primitive.
  • Embedded file [severity: low; rule: PDF_EMBEDDED]
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • XFA form [severity: low; rule: PDF_XFA]
    PDF uses XML Forms Architecture, which can contain script logic.