Malicious PDF — malware analysis report

Static analysis result for SHA-256 eacd7f1d6733e1ce…

Verdict: MALICIOUS
File type: PDF
Size: 42.5 KB
MD5: 3cc81a519188b1d380a8ce3429dea82c
SHA-1: 3aa21755e38acab65caad796b74f9699de072595
SHA-256: eacd7f1d6733e1ce61cd7b0bdcc06205e22140cc2a1ea3467e70f9343efe84e5
Risk Score: 72

Malware Insights

MITRE ATT&CK: T1059.001 (PowerShell)

The PDF file contains obfuscated JavaScript, indicated by the 'ML_NYX_PDF_MALICIOUS' classifier verdict and the 'PDF_UNESCAPE' heuristic firing. The JavaScript appears designed to execute malicious code, most likely to download and run a second-stage payload. The failure of the differential PDF parser suggests a deliberate attempt to hinder analysis. Confidence is high because both the ML classifier and a specific heuristic fired on this file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8000

Heuristics (2)

  • unescape() call [severity: high] PDF_UNESCAPE
    unescape() found; often used to decode shellcode in PDF JavaScript exploits.
  • PDF differential parser failed [severity: info] PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: "PDF differential parser failed: PDFSyntaxError". The static heuristics still ran and their findings above remain valid; only the differential cross-check signal is missing.