Malicious PDF — malware analysis report

Static analysis result for SHA-256 90212beccce4103c…

MALICIOUS

PDF

4.2 KB
MD5: bad83985acf5ca4d7db6a299238515cd SHA-1: 69224d083d35e562647a2a77dfce840a0c1ba972 SHA-256: 90212beccce4103c09206f4d5f41c2d361d6fa17b62b404b7dbcfcc71fd1fd35
66 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier with high confidence (0.999972) and also triggered heuristics for embedded script payloads and embedded files. The presence of an embedded script payload indicates the PDF is likely intended to execute malicious code. The embedded file is also a strong indicator of a multi-stage attack.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_file_obj0008.bin
b1dec43fee088e242797a6370acc320abfab1fc16a087ee5885613d01cbc28e1		 pdf-embedded-file PDF EmbeddedFile object 8 at offset 0xEA 12861 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.