Malicious PDF — malware analysis report

Static analysis result for SHA-256 08d6ac2b6d752330…

Verdict: MALICIOUS
File type: PDF
Size: 7.2 KB
MD5: ecce39a18666101da74429d6bcff2e80
SHA-1: a7ca92943bf2eb5c0c7f0b9101360ba59ed5bde0
SHA-256: 08d6ac2b6d752330fa61e99dcb85c6cab70286d8588ca6efdd38e7976bfbde45
Risk score: 68

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

ClamAV's signature Pdf.Dropper.Agent-7226064-0 classifies the file as a dropper, i.e. a document whose primary function is to deliver other content rather than to act on its own. The embedded files carved from it (three nested PDFs, listed under extracted artifacts) are the candidate secondary payload and should be triaged as separate samples. The visible document body consists only of a nonsensical phrase, which is typical of lure documents whose text is filler. Note that the verdict rests on the ClamAV signature; the Nyx classifier score of 0.4335 is only moderately suspicious on its own.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4335

Heuristics (2)

  • ClamAV: Pdf.Dropper.Agent-7226064-0 (severity: critical, rule CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7226064-0
  • Embedded file (severity: low, rule PDF_EMBEDDED)
    The PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload (matched inside a decoded stream, i.e. the attachment was not visible in the raw file until the stream was inflated)

Extracted artifacts (4)

Files carved from inside the sample during analysis. Sizes are those of the decoded data: the three attachments together (17138 bytes) exceed the 7.2 KB sample, so they were stored compressed.

Filename             Kind                 Source                                       Size
comet_earth_768.pdf  pdf-embedded-file    PDF EmbeddedFile object 7 at offset 0x35B    5059 bytes
  SHA-256: 5c006c05b4606345f6c39c3123833c9b910923a27592397cf5319fa5788ce454
comet_earth_768_1.pdf  pdf-embedded-file  PDF EmbeddedFile object 7 at offset 0x35B    5712 bytes
  SHA-256: 67c18bb7b93a3c5fe5257f72db6eb31545e3318f7615ed34536ce56ab75a0c8a
comet_earth_768_2.pdf  pdf-embedded-file  PDF EmbeddedFile object 7 at offset 0x35B    6367 bytes
  SHA-256: a6fa9ffa39ae1be97458e995893c4ed983de6b35166e5ab69a834efc1bb49156
objstm_0002_00.bin   pdf-objstm-decoded   PDF /ObjStm 2 0 obj (inflated)               638 bytes
  SHA-256: e9a33e4ae3a05909d1c40c06ca9554d495c62b425f768de1c677be7a43b6572e