Malicious PDF — malware analysis report

Static analysis result for SHA-256 46a1b3d810975b5e…

Verdict: MALICIOUS
File type: PDF
File size: 69.5 KB
MD5: fe012e5c77fd4918d27621ad9cdfabbb
SHA-1: 1975c0244ec8ec56082a7b5a70428f24166b22b8
SHA-256: 46a1b3d810975b5e94336fb6ebc69ccf91b2e11d2319ba3feb3fee1a7723dd82
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059 Command and Scripting Interpreter
  • T1105 Ingress Tool Transfer
  • T1071 Application Layer Protocol

The PDF file triggered a critical-severity heuristic indicating a Base64-encoded Windows executable payload. This payload is likely intended to be decoded and executed, potentially leading to further malicious activity such as process injection. The SHA-256 hash of the embedded executable is provided below as a high-priority IOC.

Heuristics (1)

  • Base64-encoded Windows executable payload in PDF (severity: critical; rule: PDF_BASE64_PE_PAYLOAD)
    PDF text contains a long base64 blob that decodes to a verified Windows PE executable. This catches payloads hidden after EOF, inside comments, or in plain text outside normal PDF streams.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: base64_pdf_pe_000002fe.exe
    SHA-256: cac25a0c85ff0522a7105b86ac53326b6c5a8b9031d9ab76d5f39249c561bd20
    Kind: embedded-pe
    Source: PDF raw base64 PE payload at offset 0x2FE
    Size: 52736 bytes