Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d8bbc426d54df41…

MALICIOUS

PDF

9.2 KB
MD5: 5d1df7545cfc4e9a2bbcdffadb259fbf
SHA-1: 2fee570bed3ad40a5e6e057cd1fed44519f8d944
SHA-256: 6d8bbc426d54df416dca53c07c840de058d12ecbaf206d7b258e0815112db3ec
98 Risk Score

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The sample is a PDF file flagged by multiple heuristics, including ClamAV's 'Heuristics.PDF.ObfuscatedNameObject' and an ML classifier, indicating malicious intent. The 'PDF_EMBEDDED' heuristic suggests the presence of an embedded file, which is a common technique for delivering secondary payloads. The obfuscated nature and lack of readable document body text further support a malicious purpose, likely involving exploitation of a PDF vulnerability to achieve code execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8959

Heuristics 2

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject | critical | CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file | low | PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload