PDF malware analysis — malicious · db07607fb1e67c6b

MALICIOUS

PDF

251.8 KB Created: ý(@»Åx*9ï²ó&×W¾ Authoring application: éAÈãL¡fLwcs¾ó· (via øqÕèL´Ah{ZI·ä¬6Ö^±dYGè_N)

MD5: bdf2602626dd9b90eb971b2a6de918c9 SHA-1: 656c7dff826c39de6b93b594cbb4fa5972f328e9 SHA-256: db07607fb1e67c6b69cddc2153a116141526cc555fbca74c74bfc3a89e21578c

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1027 Obfuscated Files or Information

The PDF file was flagged as malicious by an ML classifier and contains embedded JavaScript. The presence of PDF_ENCRYPTED_WITH_JS indicates that the JavaScript is used to hide the actual malicious payload, a common technique for exploit delivery or drive-by downloads. The obfuscated nature of the document body and the encrypted nature of the PDF prevent a more detailed analysis of the specific payload or delivery mechanism.

Machine Learning

Nyx PDF Classifier malicious score 0.9456

Heuristics 3

Encrypted PDF carries /JavaScript — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/JavaScript). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.