PDF malware analysis — malicious · d022cf86ca8779b6

MALICIOUS

PDF

33.9 KB

MD5: af485196f31f66b07d87e63dfca41239 SHA-1: 1aba436c59dad5da03959167f13f55e86c3b1972 SHA-256: d022cf86ca8779b6d9b77e4dfc94a8388e92569fd3bee96a20de4235fbe30b8c

74 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF contains embedded JavaScript and utilizes decoding filters (ASCIIHexDecode, ASCII85Decode) often associated with exploit delivery. The ML classifier strongly indicates malicious intent, likely to execute a second-stage payload via the JavaScript.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 4

ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.