PDF malware analysis — malicious · 3ec2cc586a6510fc

MALICIOUS

PDF

141.9 KB Created: 2006-04-12 10:12:16 +09:00 Authoring application: Adobe Photoshop Version 6.0 (via ezPDFGate with Acrobat Distiller)

MD5: 1cb45854ce60760e9d3122de0e1fa555 SHA-1: 65eb422c745f10a7bef2ac0cde507ad38e280a72 SHA-256: 3ec2cc586a6510fc7d9d0a30b5c9732a27a2668616a98eac99b01a4df3bcc6fe

120 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious File T1204.002 Malicious File: User Execution

The file is identified as malicious by ClamAV with the signature Win.Exploit.Jailbreak-1, indicating it exploits a known vulnerability. The PDF structure and embedded artifacts suggest it is designed to deliver an exploit. No specific document body text or scripts were available for further analysis, limiting the ability to determine the exact payload or delivery mechanism.

Heuristics 3

ClamAV: Win.Exploit.Jailbreak-1 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Exploit.Jailbreak-1
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAV

ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://ns.adobe.com/xap/1.0/
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/pdf/1.3/

Extracted artifacts 12

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`icc_00_off0000692c.icc` `2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e`	pdf-icc-profile	PDF ICC profile at offset 0x692C	3144 bytes
`font_00_cff_off00001592.bin` `3ae951534758b73275db5c09a715338fc4d56376ade87be27b197b7401b90486`	pdf-font-stream	PDF embedded font (cff) at offset 0x1592	40077 bytes
Detection ClamAV: Win.Exploit.Jailbreak-1 Obfuscation or payload: unlikely
`font_01_cff_off00007951.bin` `93c55eff1f7c863741f85c9ad00de9285c0fc2bad9dc53f0803487581c6749f7`	pdf-font-stream	PDF embedded font (cff) at offset 0x7951	37928 bytes
`font_02_cff_off0000e060.bin` `415b0df8b015dc651a3235348ae4b5d926622e98c166ce501c57eeaf7c05f32f`	pdf-font-stream	PDF embedded font (cff) at offset 0xE060	4093 bytes
`font_03_cff_off0000ee67.bin` `97e5da180ab1b9586c7f284ed77f4817544eee4ffabc8c93c56ad38fb8d220bb`	pdf-font-stream	PDF embedded font (cff) at offset 0xEE67	3674 bytes
`font_04_cff_off0000fb03.bin` `4d9d12f646f9e6a40a9593a3b22b07612bd016e32c89712450e652c05f400e27`	pdf-font-stream	PDF embedded font (cff) at offset 0xFB03	1256 bytes
`font_05_cff_off0001000b.bin` `d5021d5208a5fd279f30ba367ac96cf0e45da250bf67e67da610741bc02de6fc`	pdf-font-stream	PDF embedded font (cff) at offset 0x1000B	7087 bytes
`font_06_cff_off00011942.bin` `af4c48edacfa8d01c43751ec912ec6bd12524754a2c1a83fa5ba40123cab55bf`	pdf-font-stream	PDF embedded font (cff) at offset 0x11942	393 bytes
`font_07_cff_off00011cf8.bin` `2faaf12a0a562027f8d64424423573c99c7d07e476581a0d22812837d432d54f`	pdf-font-stream	PDF embedded font (cff) at offset 0x11CF8	524 bytes
`font_08_cff_off000120e8.bin` `91cd684810e0fe4454db007056242f6925edfe7847c7fb7a426f42b516d2101a`	pdf-font-stream	PDF embedded font (cff) at offset 0x120E8	12067 bytes
`font_09_cff_off000156f9.bin` `2ba5e4d01a581e3875687b071fb3ce9331d6447be410151113166443393ebaa6`	pdf-font-stream	PDF embedded font (cff) at offset 0x156F9	5379 bytes
`font_10_cff_off00021b17.bin` `bd3ec5ec37cdffc10ce00d67132b8e8f43dd50cf21a65d7898d4138bbd2a06ef`	pdf-font-stream	PDF embedded font (cff) at offset 0x21B17	1244 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.