PDF malware analysis — malicious · 90494046502b177e

MALICIOUS

PDF

13.2 KB Authoring application: Python PDF Library 055 http072057057pybrary056net057pyPdf057

MD5: b073b0340f9e8fd3b0a0db0b770d4e03 SHA-1: f30ce6b4305585fbd3c9f89e8ddb9cc18f72fa94 SHA-256: 90494046502b177e53cdea2111722ec9c28ecee3a289e9c1b925ade68299a7b4

64 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The PDF contains embedded Flash content (sploit.swf) and triggers JavaScript actions, indicating an attempt to exploit vulnerabilities. The high-severity 'PDF_RICHMEDIA' heuristic firing strongly suggests the embedded Flash is malicious. While the embedded URL was confirmed benign, the presence of the exploit file and JavaScript points to a delivery mechanism for a secondary payload.

Heuristics 5

RichMedia (Flash) high PDF_RICHMEDIA

PDF contains /RichMedia (Adobe Flash) which is a historic exploit vector
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://adobe.com/AS3/2006/builtin

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`sploit.swf` `70e6dbce3b11aaece2d38f1d315dee7736c7ab9138a74cdadc8126393c857018`	pdf-embedded-file	PDF EmbeddedFile object 8 at offset 0x107F	781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.