PDF malware analysis — malicious · e532af5c73cde686

MALICIOUS

PDF

4.4 KB Authoring application: Yh8

MD5: a99f287f99f18b5c68198bbf06813cb3 SHA-1: 4cf73b697f4c6a6ada07d84d683255ce5fa1b0ed SHA-256: e532af5c73cde6862c5470953c81528ae8e9838aa73e8f76727b89050ed9a1af

106 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 Command and Scripting Interpreter: PowerShell T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML_NYX_PDF_MALICIOUS and PDF_CORRELATED_MALICIOUS_JS heuristics strongly suggest this JavaScript is malicious. While the specific actions of the script are not detailed, its presence and high confidence flagging point to an attack pattern involving the exploitation of PDF vulnerabilities or the execution of malicious code upon opening the document. No specific family could be identified.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Correlated malicious PDF JavaScript signals critical PDF_CORRELATED_MALICIOUS_JS

PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.