Malicious PDF — malware analysis report

Static analysis result for SHA-256 94136d36b043221e…

MALICIOUS

PDF

Size: 61.1 KB
Created: 2020-07-21 00:29:14
Authoring application: Adobe PDF Library 9.0
First seen: 2026-06-12
MD5: 72a0d84277a16442f4b147986e2b8784
SHA-1: c9facead9e56430e174c32c5e91857acf9b44052
SHA-256: 94136d36b043221e9ce773c0b6f9fb350bfcd5ae3f1f55730e5eabd552500b3c
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is identified as malicious by ClamAV and an ML classifier, with heuristics indicating the presence of external URIs and embedded links. The document body, though heavily obfuscated, suggests an attempt to present itself as a standard PDF. The embedded URLs, particularly 'http://www.ascendercorp.com/' and 'http://www.ascendercorp.com/typedesigners.html', are flagged as unknown reputation and are likely part of the attack chain. No scripts were extracted, but the PDF structure and heuristics point towards a phishing or malware delivery attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5996

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI [info] [PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs (each reached via: PDF link annotation)
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/
    • http://scripts.sil.org/OFL
    • http://dejavu.sourceforge.net
    • http://dejavu.sourceforge.net/wiki/index.php/License

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
font_00_sfnt_off00009eba.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9EBA | 4944 bytes
    SHA-256: b099b911a760fab375a8cd145d59deeeff7be59d9de55c264f4c6345707de272
font_01_sfnt_off0000aef2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAEF2 | 12024 bytes
    SHA-256: 8c6eede448ce88c39109d560686960719f5b42bee4534520535b241d7af09c9a
font_02_sfnt_off0000d570.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD570 | 16144 bytes
    SHA-256: 8fb2621915dfc007ff2d0e30b281ceb029ddf1b64eebbf5d4dbd926fe97904ad