Malicious PDF — malware analysis report

Static analysis result for SHA-256 2ddce9f593717592…

MALICIOUS

PDF

Size: 515.1 KB
Created: 2007-01-17 17:21:36 -08:00
Authoring application: FrameMaker 6.0 (via Mac OS X 10.4.8 Quartz PDFContext)
MD5: 33f8957b203f0769fb6a0361aa7818b3
SHA-1: 402ea8d202b37501f05fe8bf7bea5812c2dbc6b8
SHA-256: 2ddce9f593717592f3d60c31c365c2155ebaa4661c896e3ba66cac8aa11f3e04
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is identified as a malicious PDF by ClamAV with the signature Pdf.Exploit.Agent-21369. Static triage also flagged a suspicious extracted artifact, indicating a potential exploit embedded within the document structure. No document body text or scripts were available for further analysis, limiting the ability to determine the exact nature of the payload or delivery mechanism.

Heuristics (2)

  • ClamAV: Pdf.Exploit.Agent-21369 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Exploit.Agent-21369
  • Suspicious extracted artifact [info] [EXTRACTED_FILE_STATIC_TRIAGE]
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (9)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
icc_00_off00074322.icc
eb03db58ff1f226c83103a11f30b5520f9b68a7ced67daa78992723e3ea0411d
pdf-icc-profile | PDF ICC profile at offset 0x74322 | 1320 bytes
icc_01_off00074f49.icc
b19f52a50b618356019f55d18010d1e9403eb67e2e8ab14d8564de2f9e8ed67c
pdf-icc-profile | PDF ICC profile at offset 0x74F49 | 1200 bytes
font_00_cff_off00077df5.bin
a903549fc6460c8c8f600684253d8bc7db2392064a09377c82e20af5ac14cdac
pdf-font-stream | PDF embedded font (cff) at offset 0x77DF5 | 7422 bytes
    Detection
      ClamAV: No threats found
      Obfuscation or payload: likely
      Carved artifact entropy is 7.42, consistent with packed or encrypted content.
font_01_cff_off0007967a.bin
6c72df62145e81d8b3adf28fdcf7e3b0286b716bfbc6783ab77661beaa672a83
pdf-font-stream | PDF embedded font (cff) at offset 0x7967A | 5444 bytes
font_02_cff_off0007aa78.bin
7b6417ab05198170cdfa9140bdd4482e019348fb9cfea8e7dd08ce58549d8cb2
pdf-font-stream | PDF embedded font (cff) at offset 0x7AA78 | 3586 bytes
font_03_cff_off0007b80d.bin
4cad64489c286d010cdb298708daf38020c1278fcc45e57db12c9c1a675bd7dc
pdf-font-stream | PDF embedded font (cff) at offset 0x7B80D | 926 bytes
font_04_cff_off0007bbc8.bin
9feab39b7bff08be837aa9a26be1fccb7979b53eac78d3ed5e5687990de15883
pdf-font-stream | PDF embedded font (cff) at offset 0x7BBC8 | 2626 bytes
font_05_cff_off0007c5b5.bin
db2a29b54f748d4c60bd142406b2afd2152cef3d6e04bceb019a452837a6aaba
pdf-font-stream | PDF embedded font (cff) at offset 0x7C5B5 | 3806 bytes
font_06_cff_off0007d4b1.bin
50caff7bb8d56be60a3a0213c461fa498bfc07a619b5c5fb2ed04e3b71538707
pdf-font-stream | PDF embedded font (cff) at offset 0x7D4B1 | 3978 bytes