PDF malware analysis — malicious · d908cf22f4d36e75

MALICIOUS

PDF

43.7 KB

MD5: 508f98a6e4ce258addb39df9cbc8faad SHA-1: 1a22c3a08c087a3504f622690ecb18d96bb0f906 SHA-256: d908cf22f4d36e75b303c7756bef3d498f8d51c082cf60d10721359e4fc45ea7

114 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript/JScript T1566.003 Phishing:Malicious File

The PDF sample contains embedded JavaScript, flagged by multiple heuristics including a critical correlation signal. The ML classifier also strongly indicated maliciousness. The presence of JavaScript actions and streams within the PDF structure suggests an attempt to execute code, likely to download and run a secondary payload or exploit a vulnerability. No specific family could be identified from the available evidence.

Machine Learning

Nyx PDF Classifier malicious score 0.9937

Heuristics 4

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Optional Content Group with action trigger low PDF_OPTIONAL_CONTENT

Optional Content Group (layer) co-occurs with an action trigger — content can be selectively hidden from viewers or scanners while the action still fires on open

Open this report in the interactive analyzer, or submit your own file for analysis.