Verdict: MALICIOUS
Risk Score: 68
Malware Insights
MITRE ATT&CK
T1566.003 Spearphishing Attachment
T1204.002 Malicious File
The PDF file contains PRC/3D content, which is a known indicator of malicious PDFs, and also uses ASCII85Decode filters with exploit indicators. These heuristics suggest the file is designed to exploit a vulnerability within PDF viewers. No document body or script content was available for further analysis, limiting the ability to determine the specific payload or delivery mechanism.
Machine Learning
- Nyx PDF Classifier clean score 0.0009
Heuristics 3
- PRC/3D content in PDF (severity: high, rule: PDF_PRC_3D): PDF contains PRC 3D content. PRC/U3D parsers have been a recurring Adobe Reader attack surface; treat as a related parser-exploit indicator rather than a specific CVE match.
- Malformed active-content stream length (severity: medium, rule: PDF_MALFORMED_EXPLOIT_STREAM_LENGTH): A PDF stream that carries active/exploit-looking content has a declared /Length that does not match the recovered stream body. Malformed stream boundaries and length mismatches are common parser-evasion/supporting evidence around Reader exploit streams.
- ASCII85Decode filter (with exploit indicators) (severity: low, rule: PDF_FILTER_85): ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation.