Malicious PDF — malware analysis report

Static analysis result for SHA-256 5d2d8dc3ca07eac7…

MALICIOUS

PDF

2.0 KB
MD5: 9f413ae3ca046fa50581f84a1c373e49 SHA-1: 2b686be5b2e61bcd386f8e93a472e454377a2202 SHA-256: 5d2d8dc3ca07eac7eb75dca0c148a36f6770def8767fe0524a76b3a919ef381d
110 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The sample is a PDF file flagged by ClamAV as Pdf.Exploit.CVE_2015_3070-1, indicating exploitation of a known vulnerability. Heuristics also point to U3D content related to Adobe Reader 3D parser exploits. The ML classifier strongly supports a malicious verdict. The document body is minimal and does not provide further context on the exploit's specific lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9545

Heuristics 2

  • U3D/3D content in PDF — Adobe Reader 3D parser CVE-family indicator medium CVE related PDF_U3D_CVE_RELATED
    PDF contains U3D (Universal 3D) or 3D annotation content — CVE-2011-2462 and CVE-2009-3953 are critical vulnerabilities in Adobe Reader's U3D processing that allow arbitrary code execution. U3D content in PDFs is extremely rare in normal documents.
  • ClamAV: Pdf.Exploit.CVE_2015_3070-1 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.CVE_2015_3070-1

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
u3d_00_off000001fe.bin
db47f9e6c2fa22cca9aaaaba842bc1035f54c0acd3737dbd64b69dc1671da5eb		 pdf-3d-stream PDF U3D 3D stream at offset 0x1FE 1268 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.