Malicious PDF — malware analysis report

Static analysis result for SHA-256 0674f28610fa18dc…

Verdict: MALICIOUS
File type: PDF
Size: 20.00 MB
MD5:     c1edad0f305e7af7a860a1299b50284d
SHA-1:   47a584ee6a0511e1a7bea00d91d3620c92f9e997
SHA-256: 0674f28610fa18dc7f3a7218815706d5aa6185f3dd88db414fe6e2de6c5c6c33
Risk score: 62

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The sample is a PDF with an unusually high stream count (501 or more stream objects), a pattern consistent with heap spraying or heavy obfuscation. It also combines /JPXDecode (JPEG2000) content with active-content indicators, which is the delivery pattern of the Adobe Reader JPEG2000 parser exploit family that includes CVE-2018-4990; this suggests exploitation for client execution, but the specific malformed JP2/JPX primitive has not been confirmed. One embedded URL (http://www.iec.ch) was found and confirmed as benign. Because no readable document body text or script content could be extracted, the specific lure and payload could not be characterised further.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.2529

Heuristics (3)

  • JPXDecode + active content: JPEG2000 CVE-family indicator [high] [CVE related] PDF_JPX_CVE_2018_4990_RELATED
    PDF uses /JPXDecode (JPEG2000) alongside JavaScript, XFA, or RichMedia indicators. This matches the delivery pattern for Adobe Reader JPEG2000 parser exploit families, including CVE-2018-4990, but does not prove the exact malformed JP2/JPX primitive.
  • Unusually high stream count [medium] PDF_MANY_STREAMS
    PDF contains 501+ stream objects, which may indicate heap spray or heavy obfuscation.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.iec.ch
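The three heuristics above can be reproduced with a short static scan. The script below is an added worked example, not the analysis platform's own rule engine: it counts stream objects, looks for /JPXDecode next to active-content name tokens, pulls /URI targets from link annotations, and emits findings with the same rule IDs and severities as the report. The embedded PDF is constructed for the example (it carries no exploit), and the 500-stream threshold is an assumption taken from the "501+" wording above. The #xx name-escape normalization matters in practice because obfuscated samples write /J#53 for /JS; URLs are read from the raw bytes so that normalization cannot alter them.

```python
import re

# Constructed sample, NOT the analysed file: a tiny hand-written PDF that pairs a
# /JPXDecode image with an /OpenAction JavaScript action and a /URI link
# annotation. It carries no exploit; it only gives the triage logic real input.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 4 0 R >> >> /Annots [6 0 R] >> endobj
4 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1 /Filter /JPXDecode /Length 4 >>
stream
\x00\x00\x00\x0c
endstream
endobj
5 0 obj << /S /JavaScript /JS (app.alert(1);) >> endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://www.iec.ch) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Name tokens that mean "something runs or reacts when the document opens".
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|XFA|RichMedia|OpenAction|AA|Launch)(?![A-Za-z0-9])")
STREAM_RE = re.compile(rb"\bstream\r?\n")  # 'endstream' has no word boundary before 'stream'
URI_RE = re.compile(rb"/URI\s*\((?P<uri>[^)]*)\)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
MANY_STREAMS = 500  # assumed threshold behind the report's "501+" wording


def normalize_names(data: bytes) -> bytes:
    """Undo #xx escapes in PDF names (/J#53 -> /JS), a common evasion.
    Crude: it also rewrites '#xx' inside strings, so read URLs from raw bytes."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_streams(data: bytes) -> int:
    """Count 'stream' keywords. Objects packed into /ObjStm or hidden behind
    filters are not unpacked here, so treat the result as a lower bound."""
    return len(STREAM_RE.findall(data))


def active_content(data: bytes) -> list:
    return sorted({m.group(1).decode() for m in ACTIVE_RE.finditer(data)})


def extract_uris(data: bytes) -> list:
    return sorted({m.group("uri").decode("latin-1") for m in URI_RE.finditer(data)})


def triage(raw: bytes) -> dict:
    data = normalize_names(raw)
    streams, active = count_streams(data), active_content(data)
    has_jpx = b"/JPXDecode" in data
    uris = extract_uris(raw)
    findings = []
    if has_jpx and active:
        findings.append(("PDF_JPX_CVE_2018_4990_RELATED", "high",
                         "JPXDecode alongside " + ", ".join(active)))
    if streams > MANY_STREAMS:
        findings.append(("PDF_MANY_STREAMS", "medium", f"{streams} stream objects"))
    if uris:
        findings.append(("EMBEDDED_URL", "info", ", ".join(uris)))
    return {"streams": streams, "jpx": has_jpx, "active": active,
            "uris": uris, "findings": findings}


if __name__ == "__main__":
    for rule, severity, detail in triage(SAMPLE_PDF)["findings"]:
        print(f"{severity:<7}{rule:<32}{detail}")
```

Run against the constructed sample this reports the JPX rule and the embedded URL but not the stream-count rule; on a real 20 MB sample the keyword scan is only a first pass, and any /ObjStm or filtered content has to be inflated before the counts mean much.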

Extracted artifacts (6)

Files carved from inside the sample during analysis.

Filename                     Kind             Source                                     Size
icc_00_off00000063.icc       pdf-icc-profile  PDF ICC profile at offset 0x63             3144 bytes
  SHA-256 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
font_00_cff_off0002529e.bin  pdf-font-stream  PDF embedded font (cff) at offset 0x2529E  3681 bytes
  SHA-256 dfbada0ee4c9b6366a9ffd34332080d04de711494a43237df3c4488f5f00c552
font_01_cff_off00025e8b.bin  pdf-font-stream  PDF embedded font (cff) at offset 0x25E8B  3458 bytes
  SHA-256 5c0c930c36fd089a3bbdd469696bc6747e7d520fb20a19841dbcd1cd51da9971
font_02_cff_off0004251c.bin  pdf-font-stream  PDF embedded font (cff) at offset 0x4251C  2508 bytes
  SHA-256 54020c82fcdf8645fc29c0f04bca3795bf2f4569eff5c9e8aa6a5a3cd2bf6eea
font_03_cff_off00055462.bin  pdf-font-stream  PDF embedded font (cff) at offset 0x55462  1813 bytes
  SHA-256 6c74bf84d31e33d49342bb8bd325dc372b52221b4629fd5cb511bb51369ec60a
font_04_cff_off003abbd6.bin  pdf-font-stream  PDF embedded font (cff) at offset 0x3ABBD6 1111 bytes
  SHA-256 7e434ab9c9a2c048fbe3555c3071c2b535a135e754193c55e3d62986070b97a8