Malicious PDF — malware analysis report

Static analysis result for SHA-256 3c1a5e6ae43f031c…

MALICIOUS

PDF

Size: 2.1 KB
First seen: 2026-05-11
MD5: 9356e3b98f8c32272a00e7b902bb86f4
SHA-1: a0673dd807ca47b2556ac2bea1348856cd715e29
SHA-256: 3c1a5e6ae43f031cce54676c9a877eaa08a6b379ca59d2f1503fdcdafe2dc816
Risk Score: 66

Malware Insights

MITRE ATT&CK
  • T1559.001 Component Object Model Hijacking
  • T1204.002 Malicious File

The PDF document was flagged as highly malicious by a machine learning model with a score of 0.999976. Static analysis revealed the presence of an embedded file and an XFA form, indicating a potential for exploiting vulnerabilities or delivering malicious content. The ML_NYX_PDF_MALICIOUS heuristic firing strongly supports the suspicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • PDF embedded file could not be fully decoded (medium, PDF_EMBEDDED_FILE_UNDECODED)
    A declared PDF /EmbeddedFile stream uses filters that the scanner could not decode. The raw stream was carved for artifact triage because malformed or unsupported attachment filters can hide payload content from normal extraction.
  • Embedded file (low, PDF_EMBEDDED)
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form (low, PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0001_undecoded.bin
Kind: pdf-embedded-file-undecodable
Source: PDF EmbeddedFile object 1 at offset 0x50; filter decode failed
Size: 1281 bytes
SHA-256: 7d1df4beb915701587cc09a007868c4b6147155b392174ed25a0a029a260d57d