Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e3be789a2bcbf6a…

Verdict: MALICIOUS
File type: PDF
Size: 3.9 KB
MD5: fef7d2cd8ac09008a9642615b52f4832
SHA-1: ed509f597f8f2072789b23f0c4eed7345c50317e
SHA-256: 9e3be789a2bcbf6a41d287fe3dae7b627a90bf2b8061d44253a1bb69a8366bbc
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF was detected by ClamAV as Win.Trojan.MSShellcode-7. Static analysis indicates it's an image-only lure, suggesting it relies on user interaction to execute a payload. No document body text or scripts were extracted, limiting further analysis of the specific attack vector.

Machine Learning

  • Nyx PDF Classifier clean score 0.0247

Heuristics 2

  • ClamAV: Win.Trojan.MSShellcode-7 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.MSShellcode-7
  • PDF paints image(s) but contains no text operators (info, PDF_IMAGE_ONLY_LURE)
    PDF has 1 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.