PDF malware analysis — malicious · f713192f0777451b

MALICIOUS

PDF

3.6 KB Created: b×+ðµ¼×8zm Authoring application: uRÛÜNM2ñ¬½Ë?cf (via uRÛÜNM2ÆÈÅ@$S&_Fn=.¾Ñß!T)

MD5: 24d574d433456922aee5b28903791255 SHA-1: a3e715393ef5d73051a06ccfe55c186c2353ead5 SHA-256: f713192f0777451b5c840354f7a0e56ae5f808964de13c346de238fa12d6ddcc

86 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1566.001 Spearphishing Attachment T1027 Obfuscated Files or Information

This PDF sample was flagged as malicious by an ML classifier with high confidence. It contains embedded JavaScript, and importantly, it is encrypted with JavaScript, indicating an attempt to hide its true payload from static analysis. The presence of JavaScript actions and embedded JS streams strongly suggests that the script is responsible for decrypting and executing the malicious content.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

Encrypted PDF carries /OpenAction — payload hidden from static analysis high PDF_ENCRYPTED_WITH_JS

PDF declares /Encrypt and also references an executable trigger (/OpenAction). Document encryption hides the JavaScript body and stream contents from static scanners — combined with auto-execution indicators this is a known evasion pattern used to deliver weaponised JavaScript that the analyst cannot inspect without the decryption key.
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.