Malicious PDF — malware analysis report

Static analysis result for SHA-256 6bb302de5cafdb6b…

Verdict: MALICIOUS
File type: PDF
Size: 1.2 KB
MD5: 3119e0aeb68ff4a7bf7f75b21f6fc2af
SHA-1: 4b0c2d3549532d1209a152fc2680ce5073571266
SHA-256: 6bb302de5cafdb6bbd034bec44a8e17afb36509fbafba37b00b56368c3f17ad8
Risk score: 94

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment

The PDF carries a /JavaScript action, a /JS stream and a /RichMedia annotation (Adobe Flash content), a combination typical of documents weaponised for client-side execution (T1203) and delivered as a spearphishing attachment (T1566.001). The ML classifier scores the file as malicious with maximum confidence. The embedded file name 'WGuAULiUrCKU.swf' is the primary IOC; the random-looking name and .swf extension point to a Flash exploit or payload, but this static pass does not confirm that the attachment is a valid SWF. Before treating it as Flash, extract the /EmbeddedFile stream, inflate it if it is FlateDecode'd, and check that it begins with FWS, CWS or ZWS; the whole document is only 1.2 KB, so verify what the attachment actually is rather than assuming a complete exploit is present.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (4)

  • RichMedia (Flash) [severity: high, rule: PDF_RICHMEDIA]
    PDF contains a /RichMedia annotation (Adobe Flash). RichMedia annotations hand an embedded SWF to the Flash Player plugin inside the reader, a historic exploit vector; Flash reached end of life at the end of 2020 and current readers no longer play it, but unpatched or legacy readers remain exposed.
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded file [severity: low, rule: PDF_EMBEDDED]
    PDF embeds a file attachment (/EmbeddedFile), which could carry an executable or another weaponised document as a nested payload.
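The following is an added worked example, not code from the original report or from the scanner that produced it. It re-derives the four heuristics above from raw PDF bytes and performs the attachment check recommended in the summary: it resolves PDF name escapes (so `/#52ichMedia` is still seen as `/RichMedia`), inflates FlateDecode streams so keywords hidden inside object streams are searched too, pulls out every `/EmbeddedFile` stream, and types the attachment by its magic bytes (FWS, CWS or ZWS for SWF). The sample PDF assembled at the bottom is constructed for the demo and uses the placeholder attachment name `demo.swf`; it is not the analysed sample, and the rule names and severities are copied from this report rather than from any published rule set.

```python
"""
Added example (not the report's own tooling): a minimal static scanner that
reproduces the PDF_RICHMEDIA / PDF_JAVASCRIPT / PDF_JS / PDF_EMBEDDED
heuristics and extracts embedded files so they can be typed by magic bytes.
"""
import re
import zlib

# rule id -> (keyword pattern, severity); ids and severities mirror the report above
RULES = {
    "PDF_RICHMEDIA": (rb"/RichMedia\b", "high"),
    "PDF_JAVASCRIPT": (rb"/JavaScript\b", "low"),
    "PDF_JS": (rb"/JS\b", "low"),
    "PDF_EMBEDDED": (rb"/EmbeddedFile\b", "low"),
}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.DOTALL)
NAME_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def unescape_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes used to obfuscate PDF names (/#52ichMedia -> /RichMedia)."""
    return NAME_ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Return the raw bytes plus the inflated content of every stream that zlib accepts,
    so dictionaries packed into FlateDecode'd object streams are searchable."""
    extra = []
    for m in STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed or non-Flate stream: raw bytes are already in `data`
    return data + b"\n".join(extra)


def scan(pdf: bytes) -> dict:
    """Map each triggered rule id to its severity."""
    view = unescape_names(inflate_streams(pdf))
    return {rid: sev for rid, (pat, sev) in RULES.items() if re.search(pat, view)}


def file_type(blob: bytes) -> str:
    """Classify an extracted attachment by magic bytes (SWF: FWS/CWS/ZWS)."""
    if blob[:3] in (b"FWS", b"CWS", b"ZWS"):
        return "swf"
    if blob[:4] == b"%PDF":
        return "pdf"
    if blob[:2] == b"MZ":
        return "pe"
    return "unknown"


def extract_embedded(pdf: bytes) -> list:
    """Return (object number, decoded bytes, type) for every /EmbeddedFile stream."""
    found = []
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(2)
        if b"/EmbeddedFile" not in unescape_names(body):
            continue
        s = STREAM_RE.search(body)
        if not s:
            continue
        payload = s.group(1)
        if b"/FlateDecode" in body:
            try:
                payload = zlib.decompress(payload)
            except zlib.error:
                pass  # keep raw bytes; a corrupt filter is itself worth noting
        found.append((num, payload, file_type(payload)))
    return found


def embedded_names(pdf: bytes) -> list:
    """Attachment names from /Filespec dictionaries (/F or /UF string entries)."""
    view = unescape_names(inflate_streams(pdf))
    return [n.decode("latin-1") for n in re.findall(rb"/(?:UF|F)\s*\(([^)]*)\)", view)]


def build_sample_pdf() -> bytes:
    """Constructed demo input (NOT the analysed sample): exercises all four rules,
    uses an escaped /RichMedia name and a Flate-compressed fake SWF attachment."""
    js_code = b"app.alert('demo');"
    fake_swf = zlib.compress(b"CWS\x0a" + b"\x00" * 16)  # SWF-looking header only
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript /JS 3 0 R >> "
        b"/Names << /EmbeddedFiles << /Names [(demo.swf) 4 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [5 0 R] /Count 1 >>",
        b"<< /Length %d >>\nstream\n" % len(js_code) + js_code + b"\nendstream",
        b"<< /Type /Filespec /F (demo.swf) /EF << /F 6 0 R >> >>",
        b"<< /Type /Page /Parent 2 0 R /Annots [7 0 R] >>",
        b"<< /Type /EmbeddedFile /Filter /FlateDecode /Length %d >>\nstream\n" % len(fake_swf)
        + fake_swf + b"\nendstream",
        b"<< /Type /Annot /Subtype /#52ichMedia /Rect [0 0 100 100] >>",  # escaped name
    ]
    out = [b"%PDF-1.7"]
    for i, body in enumerate(objs, 1):
        out.append(b"%d 0 obj\n" % i + body + b"\nendobj")
    out.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF")
    return b"\n".join(out)


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("rules:", scan(sample))
    print("attachments:", embedded_names(sample))
    for num, blob, kind in extract_embedded(sample):
        print(f"obj {num}: {len(blob)} bytes, type={kind}")
```

On a real sample, replace `build_sample_pdf()` with the file's bytes; a report like the one above is expected when `scan` returns all four rule ids and `extract_embedded` types the attachment as `swf`. If the attachment does not start with an SWF signature, the `.swf` name is only a label and the payload needs a closer look before it is written up as Flash.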