PDF malware analysis — malicious · e06e002cd22dbe34

MALICIOUS

PDF

6.6 KB Created: <Âö5}¹üèV Authoring application: eÛU»L-c®¦þôS (via eÛU»L-õ Û¨³An|¥wË¾msò)

MD5: 094f00c22ad80d012b49843b88d67e2b SHA-1: 04fe94fbc9d1c1e270d3bd0177c53248eb939b84 SHA-256: e06e002cd22dbe34d3842ea164e93e026e65c3f8a00dba270cb5c0b1226768f4

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.002 Spearphishing Attachment

This PDF file was flagged as malicious by a machine learning classifier. It contains embedded JavaScript, which is often used to hide malicious content or exploit vulnerabilities. The presence of PDF_ENCRYPTED_WITH_JS indicates that the PDF's content is encrypted and likely uses JavaScript to deobfuscate and execute a payload, making static analysis difficult. The lack of readable document body text prevents a more specific assessment of the lure.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Encrypted PDF carries /OpenAction — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.