Malicious PDF / .VIR — malware analysis report

Static analysis result for SHA-256 e097ccbd2ce8609a…

MALICIOUS

PDF / .VIR

Size: 2.0 KB
Authoring application: Python PDF Library - http://pybrary.net/pyPdf/
MD5: 7bfb993cd0606f9e6235e59f6292ce20
SHA-1: 6f0b33e26c0838727caacdcbbb4f65d351febc8d
SHA-256: e097ccbd2ce8609ac47c906bd6f4b5784125d34e6a384c49eeb97483d10ec159
Risk Score: 106

Malware Insights

The PDF file was flagged as malicious by an ML classifier with a high confidence score. Static analysis revealed embedded JavaScript, which is often used to exploit vulnerabilities or download further malicious payloads. The critical heuristic 'PDF_CORRELATED_MALICIOUS_JS' confirms the malicious nature of the embedded JavaScript.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (3)

  • Correlated malicious PDF JavaScript signals (severity: critical; rule: PDF_CORRELATED_MALICIOUS_JS)
    PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
  • JavaScript action (severity: low; rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low; rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.