Malicious HTML / .PDF — malware analysis report

Static analysis result for SHA-256 0ef9cfd1a5dd6e64…

MALICIOUS

HTML / .PDF

269.5 KB
MD5: c9a941a305f68d726b1e49b965b5812d
SHA-1: 30d452f9a8677f2c51e0956dba4550fd87693291
SHA-256: 0ef9cfd1a5dd6e64447a801b031aa963e0031dcf772c62faf5af88f643b594ad
Risk Score: 102

Malware Insights

MITRE ATT&CK
  • T1059.007 JavaScript
  • T1204.002 Malicious File

The sample is an HTML file disguised as a PDF that contains VBScript. The VBScript is designed to execute code assembled from the document's DOM elements, a common technique for delivering malicious payloads. The document also contains an embedded URL, which is marked as benign.

Heuristics 3

  • HTA/VBScript executes code assembled from DOM text (severity: critical, rule: HTML_HTA_VBSCRIPT_DOM_EXECUTE)
    HTML masquerades as an HTA application and uses VBScript Execute on text pulled from page elements. This staged DOM-text execution pattern is typical of malicious HTA/script attachments that hide the real script body in visible or off-screen HTML nodes.
  • HTML contains VBScript (severity: high, rule: HTML_VBSCRIPT)
    Standalone HTML contains VBScript. Local HTML/VBScript documents are a legacy Windows execution surface commonly used in malicious attachments and browser-exploit chains.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/2000/svg