Malicious PDF — malware analysis report

Static analysis result for SHA-256 2f474a2a17ae3810…

MALICIOUS

PDF

10.5 KB
MD5: cb83d696b238296ba53d400157850291 SHA-1: 4f534f69b1288aaca20d4a3dcf95dba2b113f317 SHA-256: 2f474a2a17ae3810476eba53c588324161b969a7b7d47d5c0d1653f57c0ac154
78 Risk Score

Malware Insights

MITRE ATT&CK
T1553.005 Mark-of-the-Web Bypass

The PDF file exhibits characteristics of malicious intent, including obfuscated objects and an embedded binary file. The ClamAV heuristic 'Heuristics.PDF.ObfuscatedNameObject' strongly indicates malicious obfuscation techniques. The presence of an embedded file, 'embedded_file_obj0001.bin', suggests this PDF is a dropper or container for further malicious content.

Heuristics 4

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_file_obj0001.bin
0b1b624cc83990906bc2e187aed15d58d7c166b493a9a690624d2de7ff1f6d4b		 pdf-embedded-file PDF EmbeddedFile object 1 at offset 0x88 13408 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.