Malicious PDF — malware analysis report

Static analysis result for SHA-256 9e8ee3b44ba1d7ca…

MALICIOUS

PDF

Size: 9.0 KB
Created: 2012-05-05 01:06:38 -07:00
Authoring application: Writer (via LibreOffice 3.4)
MD5: fbd69e1048e25cac541e98e7ee0a9e97
SHA-1: 6cea01e45c96487bffbb6c4221bf82d87b3260d5
SHA-256: 9e8ee3b44ba1d7ca68ce72109afb3bc36062455e635ac3f74d12ba403a92fbf1
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as a PDF with a ClamAV detection for Win.Trojan.VGEN-717. The PDF heuristic flags it as an image-only lure, which suggests it is designed to trick the user rather than present information directly. No specific malicious scripts or URLs were extracted, but the overall structure and the detection point to malicious intent, likely payload delivery.

Machine Learning

  • Nyx PDF Classifier clean score 0.1690

Heuristics (2)

  • ClamAV: Win.Trojan.VGEN-717 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.VGEN-717
  • PDF paints image(s) but contains no text operators [info] (PDF_IMAGE_ONLY_LURE)
    PDF has 2 image XObject(s) and the content stream contains no text-emitting operators (BT/ET, Tj, TJ, ', ") in either raw bytes or decompressed streams — this is the screenshot-as-PDF pattern used to bypass text-based scanners and to deliver instructions purely through rendered pixels. It is informational unless paired with invisible links or risky URI context.