PDF malware analysis — malicious · ee3a3dc46846295f

MALICIOUS

PDF

5.0 KB Created: ÝÊßke*B?í@Röí² Authoring application: Ê27g&ì\Uïï¹ (via Ê27g&nöR*¨¼ù¸Ûè'$´Ï)

MD5: a76df79604185f99bff84a3e12c6ae1c SHA-1: 0104967db4e6a51b1fe4699871bee80e7ef3e0b1 SHA-256: ee3a3dc46846295f53b538f838a216dee8d9fd732679f3af978ba93ec7546886

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 JavaScript

The PDF was flagged as malicious by an ML classifier with high confidence. Heuristics indicate the presence of JavaScript, which is used to encrypt the PDF content and hide an OpenAction payload. This suggests the PDF is designed to bypass static analysis and deliver a malicious payload upon opening.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Encrypted PDF carries /OpenAction — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.