Malicious PDF — malware analysis report

Static analysis result for SHA-256 2c345e0b64bea50e…

MALICIOUS

PDF

Size: 143.7 KB
Created: 2026-04-07 10:52:55 +00:00
Authoring application: Chromium (via Skia/PDF m134)
MD5: d0d6a211bf3f0a8f5367e6de9e58277b
SHA-1: 09e60b108cc335c28a030a6ead8383ff40a6029b
SHA-256: 2c345e0b64bea50ee6ff17d5f174b698e7ebf1d8a6e6ee48667a518b803753a8
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a QR code that functions as a phishing lure, instructing the user to scan it with their phone. This is a common technique to redirect users to malicious websites for credential harvesting or malware delivery. No scripts were extracted, and the file type is PDF, limiting further analysis of dynamic behavior.

Heuristics (2)

  • QR-code business verification phishing lure (severity: high, rule: PDF_QR_PHISHING_LURE)
    PDF contains a QR-like image and visible text instructing the recipient to scan or use a QR code for verification, HR, payroll, policy, email, signature, or similar business-process activity. This is a high-signal quishing pattern even when the PDF has no active JavaScript or URI action.
  • QR-code redirect lure (severity: medium, rule: SE_QR_LURE)
    Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents

Extracted artifacts (7)

Files carved from inside the sample during analysis.

| Filename | Hash | Kind | Source | Size |
| --- | --- | --- | --- | --- |
| icc_00_off000001a3.icc | d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d | pdf-icc-profile | PDF ICC profile at offset 0x1A3 | 536 bytes |
| font_00_sfnt_off00005d7d.bin | b84e1b0873c45660b299fd3e9b3ddbfaff9ab67340ab12a00833b5a696b66a43 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D7D | 25316 bytes |
| font_01_sfnt_off000096cc.bin | fe1e2c86e9bc0cca19d7edd42f1de09135dd24d311c58a3a8112817d2af48726 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x96CC | 29316 bytes |
| font_02_sfnt_off0000e5ff.bin | 923655c01989a2ac680d9d1a063dbe57573230c19b9171596157d363dac4ed5f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE5FF | 53468 bytes |
| font_03_sfnt_off00016325.bin | 153175e0aa44d1e4b8a383aa0955cf7b8fd0915b4306dec9ef77abcfb103b2c7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16325 | 31220 bytes |
| font_04_sfnt_off0001b801.bin | deb6851cd9853d95c815c5a1076815c680c1e2118207f73e90d5177e43a9bf0b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B801 | 19516 bytes |
| font_05_sfnt_off0001e539.bin | 00ad88a55b048325eff692f0a993db3d3f961624022d760342178ffde527b509 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1E539 | 37304 bytes |