Verdict: MALICIOUS
Risk score: 128
Malware Insights
MITRE ATT&CK: T1204.002 User Execution: Malicious File
ClamAV identified the file as malicious, matching the EICAR test signature. The EICAR string is a 68-byte file that antivirus vendors agree to detect so that scanner deployments can be verified; it contains no working malicious code, so a hit on it proves that the scanning path works rather than that a real payload is present. The PDF structure also contains embedded file attachments, one of which is the EICAR test file itself: the document is structurally a delivery vehicle, with a benign test string standing where a real payload would sit.
Heuristics (3)
- ClamAV: Eicar-Test-Signature (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Eicar-Test-Signature.
- ClamAV detection on extracted artifact (critical, EXTRACTED_FILE_CLAMAV): ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on a carved artifact is a strong indicator that the sample is a delivery vehicle.
- Embedded file (low, PDF_EMBEDDED): the PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size | Detection |
|---|---|---|---|---|---|
| eicar.com | 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f | pdf-embedded-file | PDF EmbeddedFile object 273 at offset 0x5335E | 68 bytes | ClamAV: Eicar-Test-Signature; obfuscation or payload: unlikely |
| stream_122_off000153d7.bin | 3433ab15485d110c370027a3e74f7db6db0e929cfc48afd69f213efb8a6e4796 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x153D7 | 42008 bytes | |
| font_00_sfnt_off0001ae28.bin | 5e9d665e3795304048433da9d7675e8b8fa2194cf08f86027b85f71c05877aad | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1AE28 | 28716 bytes | |
| font_01_cff_off00028ac6.bin | 57ef845c7c1f09dd02b3073e4d8fc2f08677bf53beb711218b4bd2bd59ab35c6 | pdf-font-stream | PDF embedded font (cff) at offset 0x28AC6 | 623 bytes | |
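The carving step behind the EXTRACTED_FILE_CLAMAV heuristic and the artifact table above, as an added example that is not the analyzer's own code: a linear scan for `N G obj ... stream` objects typed `/EmbeddedFile`, FlateDecode inflation, SHA-256 of the carved bytes, and a verdict driven by a hit on the carved artifact rather than on the wrapping PDF. A small hash lookup stands in for ClamAV. The sample PDF, its object numbers and offsets are constructed in the script and differ from the report's (object 273 at 0x5335E); only the EICAR SHA-256 is taken from the table.

```python
"""Carve /EmbeddedFile streams from a PDF, hash them, and match known-bad hashes.

Added example, not the analyzer's own code. The sample PDF, its object numbers
and offsets are constructed here; only the EICAR SHA-256 comes from the report.
"""
import hashlib
import re
import zlib

# Hash lookup stands in for the ClamAV scan in the report. A real list would be
# far larger; this one holds just the hash reported for the carved eicar.com.
KNOWN_BAD_SHA256 = {
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f":
        "Eicar-Test-Signature",
}

# Constructed payload: the 68-byte EICAR test string, assembled from two pieces
# so the literal does not appear contiguously in this source file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# "N G obj << ... >> stream": the dictionary pattern allows one level of nesting
# such as /Params << /Size 68 >>. Indirect /Length values ("/Length 5 0 R") are
# not resolved; _stream_bytes falls back to scanning for 'endstream'.
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\s*(<<(?:[^<>]|<<[^<>]*>>)*>>)\s*stream\r?\n")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def build_pdf_with_attachment(payload: bytes, compress: bool = True) -> bytes:
    """Constructed sample: minimal PDF whose object 4 is an /EmbeddedFile stream.

    The xref table is deliberately omitted: carvers scan for objects linearly
    because hostile PDFs routinely ship a broken or misleading xref.
    """
    data = zlib.compress(payload) if compress else payload
    filt = b"/Filter /FlateDecode " if compress else b""
    objs = [
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Names << /EmbeddedFiles 5 0 R >> >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
        b"3 0 obj << /Type /Filespec /F (eicar.com) /EF << /F 4 0 R >> >> endobj\n",
        b"4 0 obj << /Type /EmbeddedFile " + filt
        + b"/Length %d /Params << /Size %d >> >>\nstream\n" % (len(data), len(payload))
        + data + b"\nendstream endobj\n",
        b"5 0 obj << /Names [(eicar.com) 3 0 R] >> endobj\n",
    ]
    return b"%PDF-1.7\n" + b"".join(objs) + b"trailer << /Root 1 0 R >>\n%%EOF\n"


def _stream_bytes(pdf: bytes, dict_bytes: bytes, start: int) -> bytes:
    """Raw stream data from `start`: trust a direct /Length only if it lands on
    'endstream' (hostile PDFs lie about it), otherwise scan for the keyword."""
    m = LENGTH_RE.search(dict_bytes)
    if m:
        n = int(m.group(1))
        if pdf[start + n:].lstrip(b"\r\n").startswith(b"endstream"):
            return pdf[start:start + n]
    end = pdf.find(b"endstream", start)
    return pdf[start:] if end == -1 else pdf[start:end].rstrip(b"\r\n")


def carve_embedded_files(pdf: bytes) -> list[dict]:
    """Linear scan for /EmbeddedFile stream objects; inflate, hash, and match."""
    found = []
    for m in OBJ_RE.finditer(pdf):
        objnum, d = int(m.group(1)), m.group(2)
        if b"/EmbeddedFile" not in d:
            continue
        raw = _stream_bytes(pdf, d, m.end())
        data = raw
        if b"/FlateDecode" in d:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                pass  # corrupt stream: still hash and report the raw bytes
        digest = hashlib.sha256(data).hexdigest()
        found.append({"object": objnum, "offset": m.start(), "size": len(data),
                      "sha256": digest, "detection": KNOWN_BAD_SHA256.get(digest)})
    return found


def verdict(pdf: bytes) -> str:
    """A hit on any carved artifact marks the wrapping document itself."""
    hits = [a for a in carve_embedded_files(pdf) if a["detection"]]
    return "MALICIOUS" if hits else "UNDETECTED"


if __name__ == "__main__":
    sample = build_pdf_with_attachment(EICAR)
    for a in carve_embedded_files(sample):
        print(f"obj {a['object']} at 0x{a['offset']:X}: {a['size']} bytes "
              f"sha256={a['sha256']} detection={a['detection']}")
    print(verdict(sample))
```

Two details matter in practice. The carver ignores the xref table and walks the file for `obj ... stream` markers, which is why the report can list an attachment at a raw byte offset even when the PDF's own cross-reference is unusable. And the `/Length` value is only trusted when it points exactly at `endstream`; a lying length is a cheap way to make a naive extractor hash the wrong bytes and miss a signature, so the fallback scan is part of the detection, not a convenience.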