Malicious PDF — malware analysis report

Static analysis result for SHA-256 1b2c8ded9773ba87…

Verdict: MALICIOUS

File type: PDF

Size: 4.1 KB

MD5: a8f531b1b116cf986076dc8aa81cc297
SHA-1: d3c537b5cd6f456242cd2652dd5ab6e8545e15ab
SHA-256: 1b2c8ded9773ba87fc4bf375be898bed1f22215a2e8b6fa170284c3332e0debc

Risk score: 66

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1566.001 Phishing: Spearphishing Attachment
  • T1059.001 Command and Scripting Interpreter: PowerShell

The PDF carries several indicators of maliciousness: an embedded file attachment, an XFA form, and a <script> tag inside a PDF stream, and the ML classifier scores it 1.0000 (malicious). A script payload in a stream suggests an attempt to run code when the document is opened or interacted with. Note, however, that the heuristic found no Windows shell-execution primitives alongside the script, so the T1059.001 (PowerShell) mapping is not evidenced by the static findings and should be confirmed by detonation or by inspecting the carved artifact. The page content yields no readable text, which is consistent with a lure document that exists only to deliver its attachment. The embedded file (object 8, 12883 bytes) is the key artifact and the most likely exploit or downloader stage; carve it and analyse it separately.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Embedded script payload in PDF stream (medium) PDF_EMBEDDED_SCRIPT_PAYLOAD
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives. This is common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file (low) PDF_EMBEDDED
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • XFA form (low) PDF_XFA
    PDF uses XML Forms Architecture, which can contain script logic.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename                   Kind               Source                                   Size
embedded_file_obj0008.bin  pdf-embedded-file  PDF EmbeddedFile object 8 at offset 0xEA  12883 bytes
SHA-256: ed4048712900ec04540a6f1d71a72adbf80a25f36fd3d9e37f7de051cd173c54

The carved file is larger than the 4.1 KB parent PDF, so the EmbeddedFile stream is stored compressed and 12883 bytes is its decoded length. Hash and analyse the decoded bytes (the SHA-256 above), not the raw stream, and treat the attachment as a separate sample.
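To reproduce the three heuristics above (PDF_EMBEDDED_SCRIPT_PAYLOAD, PDF_EMBEDDED, PDF_XFA) and the artifact carving in this section on a sample of your own, the following added example (not the report's or the scanner's own code, Python standard library only) scans raw PDF bytes object by object, inflates Flate-compressed streams, flags script tags and embedded files, and carves each /EmbeddedFile stream with its decoded size and SHA-256. The sample PDF it builds is constructed inline and is not the report's file, so its object numbers, offsets and hashes differ from the table above; SHELL_RE and the rule name PDF_SCRIPT_SHELL_EXEC are assumptions about what the report's "Windows shell-execution primitives" check looks like.

```python
"""Triage a PDF with the report's heuristics, then carve its /EmbeddedFile streams.
Added example, stdlib only; the sample PDF is constructed, not the report's file.
SHELL_RE and the rule name PDF_SCRIPT_SHELL_EXEC are assumptions about what the
report's "Windows shell-execution primitives" check looks like."""
import hashlib
import re
import zlib

# "N G obj ... endobj" bodies. A regex scan ignores the xref table, so it also
# works on samples whose xref is deliberately broken. Real tooling must also
# handle indirect /Length, object streams and multi-filter chains.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
SCRIPT_RE = re.compile(rb"<script\b", re.I)
SHELL_RE = re.compile(rb"WScript\.Shell|ShellExecute|cmd\.exe|powershell", re.I)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def decode_stream(obj_body: bytes):
    """Stream data of one object (inflated when /FlateDecode is set), or None."""
    kw = re.search(rb"stream\r?\n", obj_body)
    if kw is None:
        return None
    head = obj_body[: kw.start()]
    length = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", head)  # direct /Length only
    if length:
        data = obj_body[kw.end(): kw.end() + int(length.group(1))]
    else:  # no usable /Length: take everything up to the last endstream keyword
        data = obj_body[kw.end():].rsplit(b"endstream", 1)[0].rstrip(b"\r\n")
    if b"/FlateDecode" in head:
        try:
            data = zlib.decompress(data)
        except zlib.error:
            pass  # truncated or deliberately broken stream: keep the raw bytes
    return data

def analyze_pdf(pdf: bytes) -> dict:
    """Return {'heuristics': sorted rule names, 'artifacts': carved embedded files}."""
    heuristics, artifacts = set(), []
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(3)
        dictionary = body.split(b"stream", 1)[0]  # object dictionary, before any stream
        data = decode_stream(body)
        if b"/XFA" in dictionary:
            heuristics.add("PDF_XFA")
        if data is not None and SCRIPT_RE.search(data):
            if SHELL_RE.search(data):
                heuristics.add("PDF_SCRIPT_SHELL_EXEC")  # assumed rule name
            else:
                heuristics.add("PDF_EMBEDDED_SCRIPT_PAYLOAD")  # script, no shell primitive
        if re.search(rb"/Type\s*/EmbeddedFile", dictionary):
            heuristics.add("PDF_EMBEDDED")
            data = data or b""
            artifacts.append({
                "name": f"embedded_file_obj{num:04d}.bin",
                "kind": "pdf-embedded-file",
                "object": num,
                "offset": m.start(),  # file offset of the "N 0 obj" header
                "size": len(data),    # decoded length, as in the report's table
                "sha256": sha256_hex(data),
                "data": data,         # write this out to carve the attachment
            })
    return {"heuristics": sorted(heuristics), "artifacts": artifacts}

# Constructed attachment: MZ magic plus filler, not a real executable.
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 200 + b"constructed payload, not a real executable\n"

def build_sample_pdf() -> bytes:
    """Constructed PDF: XFA form with a benign <script> and a Flate-compressed
    embedded file presented as invoice.exe."""
    xfa = (b"<xdp:xdp xmlns:xdp='http://ns.adobe.com/xdp/'><template>"
           b"<script contentType='application/x-javascript'>app.alert('hi');"
           b"</script></template></xdp:xdp>")
    comp = zlib.compress(SAMPLE_PAYLOAD)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /AcroForm << /Fields [] /XFA 4 0 R >>"
        b" /Names << /EmbeddedFiles << /Names [(invoice.exe) 6 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /Length %d >>\nstream\n" % len(xfa) + xfa + b"\nendstream",
        b"<< /Type /EmbeddedFile /Filter /FlateDecode /Length %d /Params << /Size %d >> >>"
        b"\nstream\n" % (len(comp), len(SAMPLE_PAYLOAD)) + comp + b"\nendstream",
        b"<< /Type /Filespec /F (invoice.exe) /EF << /F 5 0 R >> >>",
    ]
    out, offsets = bytearray(b"%PDF-1.7\n"), []
    for i, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n%s\nendobj\n" % (i, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)

if __name__ == "__main__":
    result = analyze_pdf(build_sample_pdf())
    print("heuristics:", ", ".join(result["heuristics"]))
    for a in result["artifacts"]:
        print(f"{a['name']}  obj {a['object']} @ 0x{a['offset']:X}  {a['size']} bytes  {a['sha256']}")
```

Run it on a real sample with `analyze_pdf(open(path, "rb").read())` and write each artifact's `data` to disk under its `name` to reproduce the carving step; because the stream is inflated before hashing, the size and SHA-256 describe the decoded attachment, which is what you want to hash and submit as a separate sample. The regex scan is deliberate: it does not trust the xref table or object-number sequence, so a sample with a corrupted trailer still yields its objects.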