MALICIOUS
146
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File: Malicious File
This PDF file was flagged as malicious by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Dropped-94'. High-confidence firings indicate the presence of a JavaScript eval stager within the PDF's metadata, designed to decode and execute embedded JavaScript. This JavaScript is likely responsible for triggering an exploit and downloading a secondary payload, as suggested by the 'ML_NYX_PDF_MALICIOUS' score and the 'PDF_JAVASCRIPT' and 'PDF_JS' heuristics. No specific malware family could be identified.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
ClamAV: Pdf.Exploit.Dropped-94 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Exploit.Dropped-94
-
PDF metadata JavaScript eval stager high PDF_METADATA_EVAL_STAGERPDF JavaScript reads document metadata fields such as title, subject, or producer, decodes character data with parseInt/String.fromCharCode style helpers, and evals the recovered stage. This is a high-signal exploit-kit staging pattern.
-
JavaScript action low PDF_JAVASCRIPTPDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
javascript_obj0076_000.js5f6853830374cacf47d0ef058014091c19043d7eaa9df88d5fa4f76f027b783c |
pdf-javascript-stream | PDF /JS object 76 at offset 0x308E | 331 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.