PDF static analysis report

Static analysis result for SHA-256 99d1605f33073fab…

CLEAN

PDF

Size: 57.79 MB
First seen: 2014-04-05
MD5: c05c0a05fd3e4dc39fa35b57538018ff
SHA-1: de851f01840b1b7d69568e01996dec15f4b77be0
SHA-256: 99d1605f33073fab2f608f3629a0546f2f2eb98d6ac8ed1baf1322437c1a34ee
Risk Score: 2

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File

The PDF contains embedded JavaScript and a high number of streams, suggesting obfuscation or a malicious payload. The 'Fake invoice / payment lure' heuristic indicates the document's content is designed to deceive the user. While no specific malicious URLs or scripts were extracted, the combination of these factors points to a phishing attempt leveraging a deceptive document.

Heuristics 1

  • Analysis timed out (partial result) info ANALYSIS_TIMEOUT_PARTIAL
    Analysis exceeded the wall-clock timeout. Heuristics emitted by completed phases are preserved; phases interrupted mid-execution may have missed findings.

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename | Kind | Source | Size
stream_014_off0010d282.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x10D282 | 4194304 bytes
    SHA-256: f9237074b2765357b856d2d2fc7e1b5f6bc9abc86b87e33e7feaf863340f3dd7
stream_016_off012b894b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x12B894B | 27568 bytes
    SHA-256: 43238e0445bd8ec63bbeed8325c640efdf49e8260254d60bb72a3d3bb846257a