PDF malware analysis — malicious · 7a8326cdac430db3

MALICIOUS

PDF

70.1 KB

MD5: 9935a25351d023fda20cbec6639a2dc2 SHA-1: dc4e01f0f25c32530fbaf2c53cf776658a978c1c SHA-256: 7a8326cdac430db3c211e546d80978f3f44706f75209d41579980518223d5be6

132 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF contains obfuscated object names, a common technique to evade detection, and was flagged by multiple heuristics including ML classifiers and ClamAV. The embedded URL suggests a potential download location for a secondary payload. The ML classifier's high confidence score indicates a strong likelihood of malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 0.9876

Heuristics 3

ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION

ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
Hex-obfuscated structural name object high PDF_OBFUSCATED_NAME_OBJECT

A structurally-dangerous PDF name (e.g. /OpenAction, /Launch, /AA, /EmbeddedFile, /SubmitForm) is written with #XX hex escapes to evade string-based scanners. Legitimate producers write these names literally; hex-encoding them is a deliberate obfuscation technique.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.bitstream.com

Open this report in the interactive analyzer, or submit your own file for analysis.