PDF malware analysis — malicious · 53fd677d0c87daaa

MALICIOUS

PDF

13.2 KB Authoring application: Python PDF Library 055 http072057057pybrary056net057pyPdf057

MD5: b51d05aaefed3db0850dbce509183e63 SHA-1: eb5c9be5ce03c5d985fd2566ba1ec91457eefcd1 SHA-256: 53fd677d0c87daaab02cdb58f6074f91cf87cb402080ebd07418951e5199c9ad

64 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1559.002 Component Object Model Hijacking

The PDF contains embedded Flash content (sploit.swf) and triggers JavaScript actions, indicating an attempt to exploit vulnerabilities. The presence of RichMedia (Flash) and embedded files strongly suggests a malicious intent, likely to execute arbitrary code or download further stages. The embedded URL was confirmed benign, and no document body text was available for analysis.

Heuristics 5

RichMedia (Flash) high PDF_RICHMEDIA

PDF contains /RichMedia (Adobe Flash) which is a historic exploit vector
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://adobe.com/AS3/2006/builtin

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`sploit.swf` `70e6dbce3b11aaece2d38f1d315dee7736c7ab9138a74cdadc8126393c857018`	pdf-embedded-file	PDF EmbeddedFile object 8 at offset 0x107F	781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.