Malicious PDF — malware analysis report

Static analysis result for SHA-256 209d07b885ebe967…

Verdict: MALICIOUS
File type: PDF
File size: 3.60 MB
MD5: 88c9ead1c6969ac6145661d7eabad2d6
SHA-1: 1830737e53d198f314a6e14528c7db9807af3d36
SHA-256: 209d07b885ebe967e9fa5e11cfe9dd06340d05737f7dfafdf33a0fab65dd6c5e
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document exhibits characteristics of a callback phishing lure, instructing the user to call a phone number for a fabricated issue. Additionally, it contains instructions for handling a password-protected archive, a common tactic to bypass gateway security. No scripts were extracted, and the document body was heavily obfuscated, limiting further analysis of the specific payload.

Heuristics (2)

  • Password-protected archive handoff [severity: high] (SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning.
  • Callback phishing phone lure [severity: medium] (SE_CALLBACK_LURE)
    Document asks the user to call a phone number in a billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns.

Extracted artifacts (12)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size | SHA-256
icc_00_off0000054b.icc | pdf-icc-profile | PDF ICC profile at offset 0x54B | 3144 bytes | 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
icc_01_off0000101f.icc | pdf-icc-profile | PDF ICC profile at offset 0x101F | 1328 bytes | eda03c8910c87b8a3e3c1ffbc35d223da8ae1d0dcfbad0c153c4eefbff436723
font_00_sfnt_off0037ac56.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x37AC56 | 12688 bytes | 23d0b9a44a53b4d35a1c5d663b9cfc002f087e30553b2fc3a003aac2230a29a8
font_01_sfnt_off0037d48b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x37D48B | 4776 bytes | caf9e5fc7f7022937e74879932cb6e8b1504990c681e25673e9c519046b0a9ab
font_02_sfnt_off0037e3fb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x37E3FB | 5064 bytes | c189ae862e2230b74d37b3e8c8dc4c45233995e6dc151fbcec6b378d456dcfa0
font_03_sfnt_off0037f1fc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x37F1FC | 4044 bytes | 791d32ed5036fba05ebba6b739670c76f93942506aa3eaed031f00026ad3b545
font_04_sfnt_off0037ff9a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x37FF9A | 40728 bytes | 152edf8beccd008db1f273efae77e811e676757f65c3b3f0b1dc87f2e9c3f094
font_05_sfnt_off00386e84.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x386E84 | 15748 bytes | ab7572c8b259c52d5dc7788c713be06081fb3a8600d280d8ed024474fd008104
font_06_sfnt_off00389f40.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x389F40 | 40632 bytes | 25cb4fa7131622ab24371e45002c736e7b570003839c79be21fefec75a40f98d
font_07_sfnt_off003910a8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3910A8 | 10004 bytes | 0c14f3139d4c788721b2a3f85188bafdfbe52b03c89a3e65914a5be858facda5
font_08_sfnt_off00392732.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x392732 | 7140 bytes | 9a8505e4f7f8467debb57b986414535e1ca9c3e26c5b77349b850a4dcb8e4972
font_09_sfnt_off00393ae5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x393AE5 | 20512 bytes | 5eb26faa61052b3548caa5b3b7038013efc2baeb962dd70520a3ae227e01ca25