Malicious PDF — malware analysis report

Static analysis result for SHA-256 d179769bcac068ea…

Verdict: MALICIOUS

File type: PDF

Size: 12.4 KB

MD5: 2f2672bcfa70fad0b52959aa156222bd
SHA-1: d90421865cbc1e936fdf3e5c5de290ec25c0b40f
SHA-256: d179769bcac068eada998dbee053ea7eab9c7952cc348126ac00951272789412

Risk Score: 86

Malware Insights

MITRE ATT&CK
T1059.001 Command and Scripting Interpreter: PowerShell

The PDF contains embedded JavaScript, flagged by the PDF_JAVASCRIPT (/JavaScript action) and PDF_JS (/JS stream) heuristics. On their own these are low severity, because benign forms routinely carry scripts. What raises the verdict is the high-severity PDF_EVAL heuristic: an eval() call in PDF JavaScript is the usual way to unpack obfuscated code at run time, so the visible script is most likely a loader whose real payload is only reconstructed when it executes. The Nyx PDF classifier independently scores the file as malicious (1.0000). The most plausible pattern is JavaScript running inside the reader being used to stage and execute a secondary payload. Two caveats apply, since this is a static result: no decoded second stage, URL or dropped file is listed here, and the heuristics evidence only JavaScript (ATT&CK T1059.007), so the PowerShell mapping (T1059.001) above is not corroborated by anything shown. Extract and deobfuscate the /JS stream (in an instrumented JavaScript emulator, not a real reader) to confirm the chain before treating a PowerShell stage as established.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • PDF_EVAL (high): eval() call
    eval() found in the embedded JavaScript; commonly used to execute obfuscated exploit code that is decoded at run time.
  • PDF_JAVASCRIPT (low): JavaScript action
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF_JS (low): Embedded JS stream
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
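The three heuristics above are simple enough to reproduce by hand, which is useful for checking a verdict like this one against the raw file. The following is an added example, not the scanner's own code: it implements PDF_JAVASCRIPT, PDF_JS and PDF_EVAL over raw PDF bytes with no PDF library, and covers the two things a naive `grep` misses, hex-escaped names (`/J#61vaScript` is legal PDF syntax for `/JavaScript`) and JavaScript hidden inside a FlateDecode-compressed stream. The rule names and severities mirror the report; the sample PDFs, the inflate cap and the `build_sample_pdf` helper are constructed here for illustration.

```python
"""Static triage for the PDF_JAVASCRIPT, PDF_JS and PDF_EVAL heuristics.

Added example; not the scanner's code. Rule names follow the report, the
samples and helpers below are constructed for illustration.
"""
import re
import zlib

# Hex-escaped name characters (/J#61vaScript == /JavaScript) are legal PDF
# syntax and a cheap way to hide keywords from naive string scanners.
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
EVAL_RE = re.compile(rb"\beval\s*\(")

MAX_INFLATE = 1 << 22  # cap inflated size: hostile streams can be decompression bombs


def unescape_names(data: bytes) -> bytes:
    """Resolve #xx escapes so /J#61vaScript is matched as /JavaScript."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate(raw: bytes):
    """Inflate a FlateDecode stream body, or return None if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(raw, MAX_INFLATE)
    except zlib.error:
        return None


def decoded_streams(data: bytes):
    """Yield every stream body, inflated where possible, raw otherwise."""
    for m in STREAM_RE.finditer(data):
        raw = m.group(1)
        yield inflate(raw) or raw


def scan_pdf(data: bytes):
    """Return (rule, severity, detail) hits, highest severity first."""
    hits = []
    # Unescaped copy is used only for keyword matching; streams are decoded
    # from the original bytes so the substitution cannot corrupt them.
    names = unescape_names(data)
    if re.search(rb"/JavaScript\b", names):
        hits.append(("PDF_JAVASCRIPT", "low", "/JavaScript action present"))
    if re.search(rb"/JS\b", names):
        hits.append(("PDF_JS", "low", "/JS string or stream referenced"))
    # eval() may sit in a clear-text /JS string or inside a compressed stream,
    # so look at the unescaped file and at every decoded stream body.
    bodies = [names, *decoded_streams(data)]
    if any(EVAL_RE.search(b) for b in bodies):
        hits.insert(0, ("PDF_EVAL", "high", "eval() found in JavaScript"))
    return hits


def build_sample_pdf(js: bytes, compress: bool = True) -> bytes:
    """Constructed minimal PDF: OpenAction -> JavaScript action -> /JS stream.

    The action name is written as /J#61vaScript to exercise the unescaping
    step. The xref table is omitted; readers repair it and scanners ignore it.
    """
    body = zlib.compress(js) if compress else js
    filt = b"/Filter /FlateDecode " if compress else b""
    objs = (
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
    )
    stream_obj = (
        b"4 0 obj << /Length " + str(len(body)).encode() + b" " + filt + b">>\n"
        b"stream\n" + body + b"\nendstream\nendobj\n"
    )
    return b"%PDF-1.4\n" + objs + stream_obj + b"trailer << /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    # Loader-style script: the real call is only assembled at run time.
    sample = build_sample_pdf(b'var o = "app"; eval(o + ".alert(1)");')
    for rule, severity, detail in scan_pdf(sample):
        print(f"{rule:<16}{severity:<6}{detail}")
```

Run as a script it prints the three hits in the report's order. The point of the compressed sample is that `b"eval("` does not occur anywhere in the file bytes; only after inflating the `/JS` stream does PDF_EVAL fire, which is why a scanner that greps the raw file would score this document as a harmless form.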