MALICIOUS (Risk Score: 128)

Malware Insights

MITRE ATT&CK:
- T1204.002 Malicious File
- T1059.001 PowerShell
- T1059.003 Windows Command Shell
The critical ClamAV detection of Html.Exploit.CVE_2012_1526-1, combined with the high heuristic firing for visible LOLBin command execution, strongly suggests this PDF is designed to exploit a known vulnerability. The embedded JavaScript stream and the unusually high number of streams further indicate obfuscation and potential exploit code. The primary intent appears to be the execution of malicious code, likely leading to the download of a second-stage payload.
Heuristics (5)

- ClamAV: Html.Exploit.CVE_2012_1526-1 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Html.Exploit.CVE_2012_1526-1
- Visible LOLBin command execution instruction (high, SE_LOLBIN_RUN_COMMAND): Document contains instructions or visible command text involving Windows script/execution tools such as PowerShell, mshta, cmd, rundll32, or regsvr32
- Unusually high stream count (medium, PDF_MANY_STREAMS): PDF contains 501+ stream objects — may indicate heap spray or heavy obfuscation
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
  - http://www.w3.org/1999/02/22-rdf-syntax-ns#
  - http://purl.org/dc/elements/1.1/
  - http://ns.adobe.com/xap/1.0/
  - http://ns.adobe.com/xap/1.0/g/img/
  - http://ns.adobe.com/xap/1.0/mm/
  - http://ns.adobe.com/xap/1.0/sType/ResourceRef#
  - http://ns.adobe.com/illustrator/1.0/
  - http://ns.adobe.com/xap/1.0/t/pg/
  - http://ns.adobe.com/xap/1.0/sType/Dimensions#
  - http://ns.adobe.com/xap/1.0/g/
  - http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
  - http://ns.adobe.com/xap/1.0/sType/ManifestItem#
  - http://ns.adobe.com/pdf/1.3/
  - http://ns.adobe.com/xap/1.0/sType/Font#
Extracted artifacts (30)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_cff_off000070be.bin | 90da0863a3f104679d483efbddc6800d7cebea749bbf405f9f516e7d2f19fb0f | pdf-font-stream | PDF embedded font (cff) at offset 0x70BE | 22167 bytes |
| font_01_sfnt_off0001b2d5.bin | 9f6cb424260fd21a79f549619481a503b2b18e5e3f68d246ab23f3c1a0664fb2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B2D5 | 10808 bytes |
| font_02_sfnt_off0001f580.bin | b5bafc0c48877569ae1bdfe8d80f7f7ef3be17fd1a79c7d1e3e7b571db17cc4d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1F580 | 14096 bytes |
| font_03_sfnt_off00025acd.bin | 2c71630482dce1fda80ae8d331fa0cf5be7726dc56c5bae66e8c197119f6d427 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x25ACD | 84400 bytes |
| font_04_sfnt_off000c933d.bin | fd4b7cd74a94799dfbd2df25a59f7c71907305372f38b52e3ace7b6cb9d337d0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC933D | 4732 bytes |
| font_05_sfnt_off000d70b5.bin | 8556236c5a30c5eead6e565df2262a60ef5da9badf25ee5c02585564109d2489 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD70B5 | 28728 bytes |
| font_06_cff_off00eae924.bin | 5a05f5bd3fbf57d59928d226234ca7651c300cb3047dbee40837abbcd24fbb3d | pdf-font-stream | PDF embedded font (cff) at offset 0xEAE924 | 3021 bytes |
| font_07_cff_off00eaf585.bin | 348502d8279471163b9c9ab9f75adbf1e5e543f0a32318156381c50869ef27c7 | pdf-font-stream | PDF embedded font (cff) at offset 0xEAF585 | 2195 bytes |
| font_08_cff_off00eaffc0.bin | 963d32fd1aa1b3215d36067a7b8a9257ce602017db3a8705a0c1e19d16bed815 | pdf-font-stream | PDF embedded font (cff) at offset 0xEAFFC0 | 1300 bytes |
| font_09_cff_off01436705.bin | d10ec10cb3441576b384f2e1e9cc0aeae5cc13b1650476e99fac02083c5c37da | pdf-font-stream | PDF embedded font (cff) at offset 0x1436705 | 1382 bytes |
| font_10_cff_off01437077.bin | dadf84d9ecb35432348e8a9f138c2f7bd0a37b49cd293f20af4f026a7eb7b3b4 | pdf-font-stream | PDF embedded font (cff) at offset 0x1437077 | 229 bytes |
| font_11_cff_off01479c95.bin | c2989c75ed802b428c435f502f3ecd65042e84d825ff3a71bfae0aeadc28c4cc | pdf-font-stream | PDF embedded font (cff) at offset 0x1479C95 | 5344 bytes |
| font_12_sfnt_off0147ada1.bin | 1638316779798e4b9414127deb06ed789e5f0710ab5db011f13b77acfefb31c5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x147ADA1 | 37332 bytes |
| font_13_sfnt_off0147f376.bin | 674cf0b91320cd82800f0276d9938b30ad21964101927b72b1a4a1b89655be13 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x147F376 | 35632 bytes |
| font_14_sfnt_off0148478a.bin | 198a4793953fe0d324a58655ea41e4269711b7e08d3196ef42bf2ea9719b09a2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x148478A | 6816 bytes |
| font_15_sfnt_off015663b8.bin | ecefc151ba77ef600d235214c3bc5c21c93eb23261e07ad6731ba663f0fdc816 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15663B8 | 20496 bytes |
| font_16_sfnt_off01568de9.bin | 5ff741dddec63cf198cf47a2f1bb3fa7c91fdb6a8df2a1014194066da4a2c14b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1568DE9 | 32220 bytes |
| font_17_sfnt_off01579f40.bin | 7a6902b2fee512ae9f4d9f09c54c05bffacd5f5b5818eaad893c52933eb196b4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1579F40 | 36492 bytes |
| font_18_cff_off0157db6f.bin | a55d206f45ffce69ed29ffb50feb20c00b6332478bf330c516452a9a766af1df | pdf-font-stream | PDF embedded font (cff) at offset 0x157DB6F | 21969 bytes |
| font_19_sfnt_off0158e1ef.bin | 15d17f8fb87cb618530f5a2bcc190101b5e50c10d5d372f76763458b77a967e4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x158E1EF | 6160 bytes |
| font_20_sfnt_off01592af5.bin | 50385e304bd43017dc0dc7d5a70430bc694e10adb0a982b84ae33278f568ab02 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1592AF5 | 4812 bytes |
| font_21_sfnt_off01595650.bin | 97909b4255e1576892b385db684e7aab2133959e80c28ee0c606d9a4c64dadae | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1595650 | 12276 bytes |
| font_22_sfnt_off0159fa82.bin | 9d147b0474288481fc457a6ef3cca57190b0f429af74878034ae5896cb8b7340 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x159FA82 | 6224 bytes |
| font_23_sfnt_off015a09ca.bin | fb33b4bf726015b1a44e0c1ddeeefe8e24312aa0494f863a0461ece7c45a1741 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15A09CA | 43504 bytes |
| font_24_sfnt_off015b439d.bin | 0a8b3c20b9092c46f0ffbf1b55ff7e55daf8b18179e8fce7de5599e0dc7d56c6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15B439D | 15888 bytes |
| font_25_sfnt_off015bd0a4.bin | 0899ab1b94a796ed6dfe7b31a8ac43590b4abe861982ec9412dde5961bd366d9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15BD0A4 | 23284 bytes |
| font_26_sfnt_off015dc06b.bin | 05376e0889b8fbce22b85261a43cd067b2a45fb5fa09825dde68265886878cc3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15DC06B | 6724 bytes |
| font_27_cff_off01621f61.bin | 4949b426a0329572e57f4dec56289233f42b3e9f675845f35208cd3474e2be39 | pdf-font-stream | PDF embedded font (cff) at offset 0x1621F61 | 17354 bytes |
| font_28_sfnt_off01635c72.bin | 7ee3e16fc8d1815ea28772dcd30ab5b3e2d397135fefc235d4e74105f2bab7ce | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1635C72 | 44668 bytes |
| font_29_sfnt_off0167b1ea.bin | cc990d80fbe9802acc422883a00bfb006d01ceff44b61a0f49920b9f5a1ef0cf | pdf-font-stream | PDF embedded font (sfnt) at offset 0x167B1EA | 67496 bytes |