PDF malware analysis — malicious · e0435d9aee74cdc5

MALICIOUS

PDF

4.8 KB Created: 2010-06-16 08:34:22 Authoring application: Amyuni PDF Creator (via Amyuni PDF Converter version 2.50f)

MD5: f7339d87582633f7f75ed15ba9392c1e SHA-1: 25aa13681d2864473eafb569340503c45094ad90 SHA-256: e0435d9aee74cdc57c6de13e2621017a6b6c131b27406efad42a9e24c80694d3

78 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF contains JavaScript with an eval() call, indicating an attempt to execute arbitrary code. The ML classifier strongly flags this PDF as malicious. While the exact payload is obfuscated, the presence of JavaScript and the eval() function suggests a common exploit delivery mechanism. The file's metadata indicates it was created using Amyuni PDF Converter, which has been associated with exploit delivery in the past.

Machine Learning

Nyx PDF Classifier malicious score 0.9997

Heuristics 2

eval() call high PDF_EVAL

eval() found — commonly used for obfuscated exploit execution
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.