Malicious PDF — malware analysis report

Static analysis result for SHA-256 5adb63162748e7b7…

Verdict: MALICIOUS
File type: PDF
Size: 3.0 KB
MD5: 7a382644d6708276af5f964e6fc77c29
SHA-1: 7d0166c74d199c8e70bb200f71733683356cbac6
SHA-256: 5adb63162748e7b7c689dccbdcbbe6a056e9f3b6d32877c3530b9a59564bd2c2
Risk Score: 78

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF contains embedded Flash content, indicated by the PDF_RICHMEDIA heuristic and the presence of 'malware_dec.swf'. This suggests an attempt to exploit a client-side vulnerability, likely through a spearphishing attachment, to execute malicious code. The ML classifier strongly supports the malicious nature of the file.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9973

Heuristics (2)

  • RichMedia (Flash) — severity: high — rule: PDF_RICHMEDIA
    PDF contains /RichMedia (Adobe Flash), which is a historic exploit vector
  • Embedded file — severity: low — rule: PDF_EMBEDDED
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: malware_dec.swf
    SHA-256: ea5d7dad0d7bd577caca230ba5e8e081400c297fd7d4bc38438aeacdb9ddc50b
    Kind: pdf-embedded-file
    Source: PDF EmbeddedFile object 5 at offset 0x1B2
    Size: 1556 bytes