Malicious PDF — malware analysis report

Static analysis result for SHA-256 a4d746bccf2739a6…

Verdict: MALICIOUS
File type: PDF
Size: 4.1 KB
Risk Score: 66

MD5:     bd1bf89a61132c9281ae16d2e037226d
SHA-1:   162306157d93a7f402f0f9c922d8b1ec02fd10c8
SHA-256: a4d746bccf2739a6e2c6bdaa804f6cd61bcf9cdf4556783f3e138104e6e7d8f8

Malware Insights

MITRE ATT&CK

  • T1204.002 User Execution: Malicious File
  • T1566.002 Phishing: Spearphishing Attachment

The PDF exhibits multiple high-confidence indicators of maliciousness, including an embedded script payload and a strong ML classifier score. The presence of an embedded file further suggests it is designed to deliver a secondary payload. The specific nature of the embedded script could not be determined due to obfuscation, but its presence is a strong indicator of malicious intent.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • Embedded script payload in PDF stream (severity: medium, rule: PDF_EMBEDDED_SCRIPT_PAYLOAD)
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file (severity: low, rule: PDF_EMBEDDED)
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload.
  • XFA form (severity: low, rule: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0008.bin
SHA-256:  ef516b8acd6e5b1a97d05636b191580075e1e8c7d7f0dd1f18388b134a936607
Kind:     pdf-embedded-file
Source:   PDF EmbeddedFile object 8 at offset 0xEA
Size:     12454 bytes