Malicious PDF — malware analysis report

Static analysis result for SHA-256 df7a0e4853e92234…

Verdict: MALICIOUS
File type: PDF
Size: 3.9 KB
MD5: 5596512e10e2ff529b72a00a1d905242
SHA-1: 80116bb0001059afb9787147edf74dca9ef7f7fe
SHA-256: df7a0e4853e92234b46688a3e68b7a31d358cb98a199212c935641edf0462b4e
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains only images and no text operators, which is a common technique to bypass basic content analysis and lure users into opening malicious documents. ClamAV identified it as Win.Trojan.MSShellcode-7, indicating a known trojan payload. The lack of readable text and the ClamAV signature suggest it's designed to deliver a secondary payload upon opening.

Machine Learning

  • Nyx PDF Classifier clean score 0.0290

Heuristics (2)

  • ClamAV: Win.Trojan.MSShellcode-7 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.MSShellcode-7
  • PDF paints image(s) but contains no text operators info PDF_IMAGE_ONLY_LURE
    PDF has 1 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.