Malicious PDF — malware analysis report

Static analysis result for SHA-256 18d0f52ca3aba789…

Verdict: MALICIOUS
File type: PDF
Size: 69.5 KB
MD5: d4a0bdbb716c1a0a6a7e8ab405a6e4d8
SHA-1: c37a0edf2987506db8d8e2d9794ba619e21b061d
SHA-256: 18d0f52ca3aba789dde0aeb9e024ade71c59a310674b94f895b1f313809f3022
Risk score: 100

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF file triggers a critical-severity heuristic indicating a Base64-encoded Windows executable payload. This payload is likely intended for execution on the victim's system, leveraging process injection APIs. The ML classifier also strongly suggests maliciousness. The primary IOC is the SHA-256 hash of the embedded executable.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9952

Heuristics (1)

  • Base64-encoded Windows executable payload in PDF (severity: critical, rule: PDF_BASE64_PE_PAYLOAD)
    PDF text contains a long base64 blob that decodes to a verified Windows PE executable. This catches payloads hidden after EOF, inside comments, or in plain text outside normal PDF streams.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: base64_pdf_pe_000002fe.exe
SHA-256: cac25a0c85ff0522a7105b86ac53326b6c5a8b9031d9ab76d5f39249c561bd20
Kind: embedded-pe
Source: PDF raw base64 PE payload at offset 0x2FE
Size: 52736 bytes