PDF malware analysis — malicious · 9efa58c0c1d76316

MALICIOUS

PDF

13.2 KB Authoring application: Python PDF Library 055 http072057057pybrary056net057pyPdf057

MD5: 13f77b205844f64e010f5e5c88b2202c SHA-1: b42784267cf4b78bd25da5219401eddad1b6c174 SHA-256: 9efa58c0c1d76316a339f42d7b072945b45254e7e94e84a759bb5393d47969b3

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The PDF file contains embedded JavaScript and RichMedia (Flash) content, indicating an attempt to exploit vulnerabilities. The presence of a PDF_RICHMEDIA heuristic firing strongly suggests the exploitation of a Flash Player vulnerability. While a URL was extracted, it was confirmed as benign. No document body text was available for further context.

Heuristics 5

RichMedia (Flash) high PDF_RICHMEDIA

PDF contains /RichMedia (Adobe Flash) which is a historic exploit vector
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://adobe.com/AS3/2006/builtin

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0008.bin` `70e6dbce3b11aaece2d38f1d315dee7736c7ab9138a74cdadc8126393c857018`	pdf-embedded-file	PDF EmbeddedFile object 8 at offset 0x107E	781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.