PDF malware analysis — malicious · c9162f2ea8e7fc71

MALICIOUS

PDF

26.7 KB

MD5: f533707c5fd4f12bf7b9ad16a7404451 SHA-1: c53dead55628676c16f69e64f2b376d043373751 SHA-256: c9162f2ea8e7fc71a54a784ba73b6d1e230e3dafaf43ee6c2444442c750379e4

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1059.007 JavaScript

The PDF file was flagged as malicious by an ML classifier and contains embedded JavaScript with eval() calls, indicating an attempt to execute obfuscated code. The JavaScript is likely responsible for downloading and executing a second-stage payload, which is a common technique for initial access and further compromise. The presence of multiple JavaScript-related heuristics and the ML classification strongly support this assessment.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution (matched inside decoded stream)
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0032_000.js` `f8a27310866a1928c3fe4ca5eada7a051edb5fb3f236e932d8f5fb96be7c773f`	pdf-javascript-stream	PDF /JS object 32 at offset 0x2CA	2916258 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.