PDF malware analysis — malicious · 191eed8ac1902512

MALICIOUS

PDF

10.4 KB

MD5: 8fd453e1417d29fa2d09d15d02cc1660 SHA-1: 85cf50b1d170478ec409d4fdd35bf6df442d078c SHA-256: 191eed8ac1902512bdce08ce605a6780030d8a6df5bed63fd92fd4459a907432

106 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The sample is identified as malicious by ML classifiers and ClamAV with the signature Heuristics.PDF.ObfuscatedNameObject, indicating it exploits a PDF vulnerability. The presence of an embedded file further suggests it's designed to deliver a secondary payload. The document body is heavily obfuscated and unreadable, preventing a more specific analysis of its lure.

Machine Learning

Nyx PDF Classifier malicious score 0.9990

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0001.bin` `b1d68bd36d7ce74dd97715b74944cfa9995395b6479ad2afc9aad19cc015debd`	pdf-embedded-file	PDF EmbeddedFile object 1 at offset 0x7E	13408 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.