Malicious PDF / .HTM — malware analysis report

Static analysis result for SHA-256 ca3c830ffd8ca28a…

Verdict: MALICIOUS
File type: PDF / .HTM
Size: 4.1 KB
MD5: d1b864764151223d5a453ce023c8ce44
SHA-1: c38358876412275f3aa2f9c7218144aeb561dcbd
SHA-256: ca3c830ffd8ca28ad2796fa90b1a01ab1c8283453986f100439ef9b66aff98f2
Risk Score: 66

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The ML classifier strongly indicates maliciousness. This verdict is supported by heuristic firings for an XFA form and for encoded PDF stream filters (ASCIIHexDecode, ASCII85Decode), which are commonly used to obfuscate payloads and deliver exploits. The presence of these filters alongside exploit delivery indicators suggests the PDF is designed to hide malicious content and to exploit vulnerabilities in the reader.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9999

Heuristics (3)

  • ASCIIHexDecode filter (with exploit indicators), severity: medium, rule: PDF_FILTER_HEX
    Hex-encoding filter present alongside exploit delivery indicators; often used to hide payload or shellcode bytes.
  • XFA form, severity: low, rule: PDF_XFA
    PDF uses XML Forms Architecture, which can contain script logic.
  • ASCII85Decode filter (with exploit indicators), severity: low, rule: PDF_FILTER_85
    ASCII85 encoding filter present alongside exploit delivery indicators; uncommon outside of obfuscation.