MALICIOUS
66
Risk Score
Malware Insights
MITRE ATT&CK
T1059.007 JavaScript
The PDF file contains embedded JavaScript, indicated by multiple heuristics including PDF_JAVASCRIPT and PDF_JS. The ML classifier also flagged the file as malicious with high confidence. The extracted JavaScript code, while simple, demonstrates an attempt to execute code within the PDF viewer, likely as a precursor to a more complex malicious action.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEXHex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
-
JavaScript action low 1 related finding PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0006_000.js |
pdf-javascript-stream | PDF /JS object 6 at offset 0x156 | 74 bytes |
SHA-256: f3eadeca3f68642573858bc83b45fa8aac44174c28f320df06fc8b670058a9d8 |
|||
Preview scriptFirst 1,000 lines of the extracted script
app.alert({cMsg: 'OK', cTitle: 'Testing', nIcon: 3});
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.