Malicious PDF — malware analysis report

Static analysis result for SHA-256 3727e7d47f75646c…

MALICIOUS

PDF

10.4 KB
MD5: 38c2efee620cb5eb90fec3821b2db8cb
SHA-1: 1b5087231bdf48b623dc1e75a9be8b5e66606f8d
SHA-256: 3727e7d47f75646c287936b01fbf4f6f7c60f10b64a21f4cd991f368dcea5b0d
Risk Score: 78

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1027 Obfuscated Files or Information

The PDF file exhibits characteristics of malicious intent through the presence of obfuscated objects and an embedded file, as flagged by ClamAV and static triage. The embedded file, named 'embedded_file_obj0001.bin', is a strong indicator of a dropper or downloader mechanism. The XFA form and general obfuscation suggest an attempt to evade detection.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0001.bin
SHA-256: 5fcf0532f228de09f675aa5ee28496ef58cdb05ac18c4bd8e132d380bb48a80e
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 1 at offset 0x88
Size: 13408 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 long base64-like blob(s).