Malicious PDF — malware analysis report

Static analysis result for SHA-256 78b6b2b9271ad7dd…

Verdict: MALICIOUS
File type: PDF
File size: 2.6 KB
MD5: 968ccfd1d8610a12a5fad3704336af97
SHA-1: 96096a08cee9f366f49fdb946817f16f28228f99
SHA-256: 78b6b2b9271ad7dd3c8ecc07d5be9197e5e0fb409a74490b7113e90219a32c8d
Risk Score: 78

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF file contains an embedded XFA form with a critical heuristic match for CVE-2010-0188, indicating an exploit targeting Adobe Reader. This exploit likely allows for arbitrary code execution upon opening the document. No scripts were extracted, and the document body was not sufficiently readable to provide further context.

Heuristics (4)

  • Adobe Reader LibTIFF XFA image exploit (CVE-2010-0188) — severity: critical; confidence: CVE likely; id: CVE_2010_0188
    PDF contains XFA image data with an inline crafted TIFF payload and shellcode/delivery markers. This is the data-bound variant of the CVE-2010-0188 Adobe Reader LibTIFF/XFA exploit shape.
  • Embedded file — severity: low; id: PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload.
  • XFA form — severity: low; id: PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic (matched inside decoded stream).
  • Suspicious extracted artifact — severity: info; id: EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0001.bin
SHA-256: 730ebe7fdf97208d62df97b174aea974e7ec98491d378053ef85ca5d77a8ff77
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 1 at offset 0x51
Size: 13433 bytes
Detection: ClamAV: No threats found
Obfuscation or payload: likely (carved artifact contains 1 long base64-like blob)