MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK: T1203 Exploitation for Client Execution
The ClamAV heuristic 'Pdf.Exploit.CVE_2012_4152-1' strongly indicates that this PDF file is designed to exploit CVE-2012-4152. The presence of multiple suspicious extracted artifacts, including decompressed PDF streams, further supports the malicious nature of the file. The document body was unreadable, but the exploit signature is sufficient for a high-confidence assessment.
Heuristics 2
- ClamAV: Pdf.Exploit.CVE_2012_4152-1 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Exploit.CVE_2012_4152-1
- Suspicious extracted artifact (info, EXTRACTED_FILE_STATIC_TRIAGE): One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 18
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | Detection |
|---|---|---|---|---|
| stream_005_off00002c29.bin d844306c1ca6482f17337abf5d188f8fafcb61d08920c5593998668bb98b2413 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2C29 | 29386 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.92, consistent with packed or encrypted content. |
| stream_006_off00009a4c.bin cbaf78a568650a340969c83a178ffeaacd7068d84b41b9d229c133a41a757da0 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x9A4C | 28369 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.91, consistent with packed or encrypted content. |
| stream_012_off000176fd.bin 7e85fd02047fb5516c821cfe3a0d1fc2e381ffd05305ee2141deed3d8bb07ec8 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x176FD | 58778 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.99, consistent with packed or encrypted content. |
| stream_014_off0002cbd4.bin f6374689c528ba0f6ba1caf656c6f5f43f430780ad326f8038cab8402efd8411 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2CBD4 | 49573 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.92, consistent with packed or encrypted content. |
| stream_015_off000386f3.bin 0e58bc3903c4de60e76c5151e71c0cb1f8701797cb7bf341ea8d5b76a89e0c92 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x386F3 | 57530 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.99, consistent with packed or encrypted content. |
| stream_021_off00049407.bin fe35a6366f130e479577c04553edb595d0502421bd60ce923046207a19db939d | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x49407 | 27361 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.90, consistent with packed or encrypted content. |
| stream_022_off0004fa25.bin 0f5b5795ba6d0834bae45a590d394d5b0dee4195a3fe8cf5712927a18f39543c | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x4FA25 | 55895 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.99, consistent with packed or encrypted content. |
| stream_024_off0005d406.bin fb10d8bb46c2a165a3ad676dee6c797a1731794dcd5393f39add760d1167ea98 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5D406 | 28002 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.91, consistent with packed or encrypted content. |
| stream_079_off000dd015.bin feac8cfc5dc27b748e9e34f5cf7158894d83a3118891111d9ffde8968c83e5e5 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xDD015 | 29735 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.92, consistent with packed or encrypted content. |
| font_01_type1_off000103ca.bin de29323592a921147e96a6fd87e91073df30d3288b76afa7421a8222c6bdca85 | pdf-font-stream | PDF embedded font (type1) at offset 0x103CA | 28642 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.92, consistent with packed or encrypted content. |
| font_06_type1_off000bff0f.bin 088476ae46bc13e4247ce49f28fc78216b159053c482e72153c6a04844961df9 | pdf-font-stream | PDF embedded font (type1) at offset 0xBFF0F | 28028 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.91, consistent with packed or encrypted content. |
| font_07_sfnt_off000c76a6.bin 9076da0481f3a07760b0b094f2597b6e9cf7552fc2d562742db7af5251f9885f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC76A6 | 4192 bytes | |
| font_08_sfnt_off000ca3ad.bin 7970965843770deb1f8c23cb3c4891d68bed5beaf293c314f38f91ae6850d8c0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCA3AD | 8604 bytes | |
| font_09_sfnt_off000cbcae.bin c375b6b50e8c3d2a8241349039730d2314a182229bb36e422be0f9d78b8a119e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCBCAE | 7076 bytes | |
| font_10_type1_off000cf86b.bin 6028ca72896a771f967d8289cd02cb8cc75c68c2db2f680cc57ba1306cecb408 | pdf-font-stream | PDF embedded font (type1) at offset 0xCF86B | 54589 bytes | ClamAV: No threats found. Obfuscation or payload: likely. Carved artifact entropy is 7.98, consistent with packed or encrypted content. |
| font_12_sfnt_off000e7d3a.bin baa0d9239210176109b33ea48a3068c1610e5789a0a9d5acef96950497ef541b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE7D3A | 5748 bytes | |
| font_13_sfnt_off000e9b77.bin 2f74fdb2d0f340899aee5d154d201b992a2b49e32541c1db562d667899983fe8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9B77 | 4484 bytes | |
| font_14_sfnt_off000eb788.bin 181101aa1f5f6bddd961ad8436c0b1a3cd9b1129608b2c2f98e7a83b5ad89d3e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB788 | 4484 bytes | |