Malicious PDF — malware analysis report

Static analysis result for SHA-256 5b4e3d3d58951b4e…

MALICIOUS

PDF

10.5 KB
MD5: c1c94eed2d7a8d793ee05651fd3b38b0
SHA-1: e990cf0f36cdc8404feefe5c5d171b8a77148e27
SHA-256: 5b4e3d3d58951b4e437379eb55fafe81565e1276e743d852aeb8304c3f5c07cd
Risk Score: 106

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript

The file is identified as a malicious PDF by multiple heuristics, including ML classification and ClamAV detection for obfuscated objects. The presence of XFA forms and embedded files suggests an attempt to execute embedded content or exploit vulnerabilities. While no specific document body text or scripts were clearly extracted for direct analysis of user-facing lures, the overall structure and detection signatures point to a malicious PDF designed to deliver a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9978

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file [severity: low, rule: PDF_EMBEDDED]
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form [severity: low, rule: PDF_XFA]
    PDF uses XML Forms Architecture — can contain script logic