PDF malware analysis — malicious · d1079bc4fcb2c79e

MALICIOUS

PDF

7.5 KB Created: 2009-07-13 19:22:54 Authoring application: lPdF (via oDnD)

MD5: 0cb591bf267a0692b30ce8880daa81c6 SHA-1: 10d06ef15a3ab01363aa3b9eb7db13582031c9ed SHA-256: d1079bc4fcb2c79e18b7afcc6caa36d626e50e45a941ae6178af122d31e74fc2

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript T1204.002 Malicious JavaScript

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML classifier and correlated malicious JavaScript signals strongly suggest malicious intent. The JavaScript action at offset 0x42, combined with the ML_NYX_PDF_MALICIOUS firing, points to the exploitation of a PDF vulnerability to execute arbitrary code. The reconstructed string 'lPdF (via oDnD)' and the creation date '2009-07-13 19:22:54' are noted as potential indicators.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.