Malicious PDF — malware analysis report

Static analysis result for SHA-256 fd66c2c25066bd64…

MALICIOUS

PDF

Size: 8.3 KB
Created: 2010-07-09 20:02:18
Authoring application: Scribus 1.3.3.12 (via Scribus PDF Library 1.3.3.12)
MD5: 55c7d9ca3a42a949445409c7652d1807
SHA-1: 4d7079ba1c0a6c5549e36b138617e1230720ac2a
SHA-256: fd66c2c25066bd64f23c30e47a235e162f8bcb483862510bd78e0d802508c07c
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file contains embedded JavaScript, indicated by the PDF_JAVASCRIPT and PDF_JS heuristics. A critical heuristic, PDF_CORRELATED_MALICIOUS_JS, confirms the malicious nature of this JavaScript. The ML classifier also strongly flags the PDF as malicious. The embedded JavaScript is likely responsible for executing arbitrary code, leading to the malicious verdict. No specific family could be identified.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9999

Heuristics (3)

  • PDF_CORRELATED_MALICIOUS_JS (critical): Correlated malicious PDF JavaScript signals
    PDF JavaScript or auto-action content is corroborated by exploit staging, ML, or suspicious extracted-artifact findings. This correlation promotes old exploit-kit PDFs that would otherwise remain in the suspicious band, because each individual signal is intentionally weighted conservatively.
  • PDF_JAVASCRIPT (low, 1 related finding): JavaScript action
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • PDF_JS (low): Embedded JS stream
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.