PDF malware analysis — malicious · 2a5f9b7396143282

MALICIOUS

PDF

69.5 KB

MD5: 7c65d0bfb6e8e6c1ed60d4a09655879e SHA-1: 7054fa74222ef54e881a8e7c71fd6528b1a2ac5b SHA-256: 2a5f9b73961432821d4a140c53324b2adbe9b106aa11f59b59e24c80b5bc62e4

60 Risk Score

Malware Insights

MITRE ATT&CK

T1027 Obfuscated Files or Information T1105 Ingress Tool Transfer T1055 Process Injection

The PDF file contains a critical heuristic firing indicating a Base64-encoded Windows executable payload. This payload, identified by its SHA256 hash, is likely intended to be decoded and executed on the victim's machine, potentially using process injection techniques as suggested by the API calls observed. The presence of an embedded executable strongly suggests a downloader or droppper functionality.

Heuristics 1

Base64-encoded Windows executable payload in PDF critical PDF_BASE64_PE_PAYLOAD

PDF text contains a long base64 blob that decodes to a verified Windows PE executable. This catches payloads hidden after EOF, inside comments, or in plain text outside normal PDF streams.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`base64_pdf_pe_000002fe.exe` `cac25a0c85ff0522a7105b86ac53326b6c5a8b9031d9ab76d5f39249c561bd20`	embedded-pe	PDF raw base64 PE payload at offset 0x2FE	52736 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.