MALICIOUS (Risk Score: 62)
Malware Insights
MITRE ATT&CK
- T1204.002 Malicious File
- T1566.002 Spearphishing Attachment
The PDF file exhibits characteristics associated with exploit delivery, specifically a high stream count suggesting obfuscation and a heuristic indicating a relation to CVE-2023-26369. The presence of an external URI, while not directly malicious in this context, is often used in exploit chains. No scripts were extracted, limiting the ability to determine the exact payload or further actions.
Machine Learning
- Nyx PDF Classifier suspicious score 0.3080
Heuristics 4
- TrueType bitmap font + active content — CVE-2023-26369 related (severity: high, rule: PDF_CVE_2023_26369_RELATED)
  PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
- Unusually high stream count (severity: medium, rule: PDF_MANY_STREAMS)
  PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
- External URI (severity: info, rule: PDF_URI)
  PDF contains an external URL action
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: http://www.mrcet.ac.in/
Extracted artifacts 32
Files carved from inside the sample during analysis.