Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc2e07850cd6b82a…

MALICIOUS

PDF

21.5 KB Created: 2009-05-01 21:21:45 Authoring application: tvEeSFCPx (via NeTSnrx)
MD5: cf153d6bcc1e472d9c12b91f6f1c27b0 SHA-1: 9387d873dae7aa32d8fe4e6ee8222fb1893bf161 SHA-256: fc2e07850cd6b82a598d20ff70e7c3ff1e716e6fd7176b8734181597cd9d9741
86 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1059.007 JavaScript

This PDF contains embedded JavaScript that utilizes eval() to execute obfuscated code. The script appears to be designed to download and execute a second-stage payload. The high confidence score from the ML classifier further supports the malicious nature of this file.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • eval() call high PDF_EVAL
    eval() found — commonly used for obfuscated exploit execution
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.