Malicious PDF — malware analysis report

Static analysis result for SHA-256 ef5a6de71d7c9581…

Verdict: MALICIOUS
File type: PDF
Size: 3.8 KB
MD5: c01ca5bc3debb016289b1f058ea4ca07
SHA-1: 30668aaf570fefa508be8ef9ce5b219595c1ca70
SHA-256: ef5a6de71d7c958147b91472fd26b48d52d2cefab027f26f08c09e005c27b1d7
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. The ML_NYX_PDF_MALICIOUS and PDF_CORRELATED_MALICIOUS_JS heuristics strongly suggest this JavaScript is malicious. The primary attack pattern involves exploiting a PDF vulnerability to trigger the execution of this embedded script, likely leading to further malicious activity. No specific family could be identified.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • PDF_CORRELATED_MALICIOUS_JS (critical): Correlated malicious PDF JavaScript signals
    PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that otherwise remain in the suspicious band because each individual signal is intentionally weighted conservatively.
  • PDF_JAVASCRIPT (low): JavaScript action
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF_JS (low): Embedded JS stream
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.