MALICIOUS
76
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious File
The PDF contains embedded JavaScript, indicated by multiple heuristic firings including PDF_JAVASCRIPT and PDF_JS. The ML classifier strongly suggests maliciousness. The embedded file 'dew006.docx' is also suspicious. The JavaScript streams, though small, are likely responsible for exploiting a PDF vulnerability to execute code, potentially leading to the download of further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEXHex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
-
JavaScript action low PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded file low PDF_EMBEDDEDPDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
dew006.docxf675ccacf5599eb88d18a09b49d06cd4658e7ce1e20a33379c2afc2e631bc1f6 |
pdf-embedded-file | PDF EmbeddedFile object 8 at offset 0x388 | 10109 bytes |
javascript_obj0009_000.jsb605b2fa8e7edbde866d8208240c2ce15e15d3ce25950041dbdb3f4b41623488 |
pdf-javascript-stream | PDF /JS object 9 at offset 0x7A26 | 60 bytes |
javascript_obj0009_001.js398bcb05cb110bde1cc663048227b5ed87b095a9328585c3a8c63370ee8e4ab8 |
pdf-javascript-stream | PDF /JS object 9 at offset 0x7A26 | 58 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.