Malicious PDF — malware analysis report

Static analysis result for SHA-256 928f42f32252457f…

Verdict: MALICIOUS
Type: PDF
Size: 3.0 KB
MD5: 887c3c1a3486f7e8de1c43727f656220
SHA-1: 023505c64ad2f7e2da3183c2cba6b4949728561e
SHA-256: 928f42f32252457f85f3d5928149fce8d24f5daabfea1ba4b82fec7a59a0a9b5
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The PDF file exhibits malicious characteristics, including obfuscated objects and an embedded file, as indicated by the ClamAV detection and PDF heuristics. The presence of an embedded file suggests a multi-stage attack where this PDF acts as a dropper. The lack of readable document body text or scripts prevents a more detailed analysis of the specific lure or payload delivery mechanism.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file [low, PDF_EMBEDDED]
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload
  • XFA form [low, PDF_XFA]
    PDF uses XML Forms Architecture, which can contain script logic

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0001.bin
SHA-256: 83e9ffbee741c5307d2ec7350e209f0ae8965e5aa4ab969dca748101617b1fd3
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 1 at offset 0x84
Size: 13601 bytes