PDF malware analysis — malicious · 1143ebe32579708f

MALICIOUS

PDF

69.5 KB

MD5: 1081f871aa3cf8156eac65d235db7b4a SHA-1: 401e74679f372189583768d732bbbda069c802d5 SHA-256: 1143ebe32579708fd3c668363eca2d7f1b06787499f72091a9709d1b69711fb1

100 Risk Score

Malware Insights

MITRE ATT&CK

T1055 Process Injection

The PDF file contains a Base64-encoded PE payload, identified by the PDF_BASE64_PE_PAYLOAD heuristic. This payload is likely intended to be decoded and executed using process injection techniques, as indicated by the presence of VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread APIs. The ML classifier also strongly suggests maliciousness.

Machine Learning

Nyx PDF Classifier malicious score 0.9952

Heuristics 1

Base64-encoded Windows executable payload in PDF critical PDF_BASE64_PE_PAYLOAD

PDF text contains a long base64 blob that decodes to a verified Windows PE executable. This catches payloads hidden after EOF, inside comments, or in plain text outside normal PDF streams.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`base64_pdf_pe_000002fe.exe` `cac25a0c85ff0522a7105b86ac53326b6c5a8b9031d9ab76d5f39249c561bd20`	embedded-pe	PDF raw base64 PE payload at offset 0x2FE	52736 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.