PDF malware analysis — malicious · c42ce9c5e161c99e

MALICIOUS

PDF

4.8 KB Created: 2010-06-16 08:34:22 Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)

MD5: e033f22d7b0d5c5484b2c837bdd0ade0 SHA-1: c52ccb34a063182d4d1313c9c4ba5e3cc738237a SHA-256: c42ce9c5e161c99ebe62ec850d369954196dcb780f82eaa78595fec1c52a28b8

118 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript T1204.002 Malicious File

The PDF contains JavaScript with multiple obfuscation techniques, including `unescape()` and `eval()`, as indicated by the heuristic firings. The ML classifier strongly suggests malicious intent. The JavaScript appears to be designed to deobfuscate and execute a payload, though the exact nature of the payload is not fully discernible due to the obfuscation. The presence of `unescape()` is noted as a potential IOC.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 3

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
unescape() call high PDF_UNESCAPE

unescape() found — often used to decode shellcode in PDF JS exploits
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.