Malicious PDF — malware analysis report

Static analysis result for SHA-256 d687bc54a55d9c8c…

Verdict: MALICIOUS
File type: PDF
Size: 58.2 KB
Created: 2009-11-15 19:41:70
Authoring application: PDF Library 4.3.9 (via PDF Library 3.9.7)
MD5: cf22704c8ef48f31aa1c31c2bf0cfe1d
SHA-1: 0bf45cf0501718ec5c7e2d8f2c5b8c760f84ae44
SHA-256: d687bc54a55d9c8ca061785189a576f2562ea7281532d2df1274f08662206f18
Risk score: 108

Malware Insights

MITRE ATT&CK

  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF was flagged as malicious by a machine learning classifier with high confidence. Static analysis detected embedded JavaScript, which is often used to exploit vulnerabilities or download further malicious content. The combination of PDF_JAVASCRIPT, PDF_JS, and ML_NYX_PDF_MALICIOUS heuristics strongly indicates malicious intent.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (4)

  • Correlated malicious PDF JavaScript signals (severity: critical, rule: PDF_CORRELATED_MALICIOUS_JS)
    PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF differential parser failed (severity: info, rule: PDF_DIFFERENTIAL_PARSE_FAILED)
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.