Malicious PDF — malware analysis report

Static analysis result for SHA-256 a5075c30f6481d9e…

Verdict: MALICIOUS
File type: PDF
Size: 1.8 KB
MD5: a276566bf407e8a3475bd41c95e88e89
SHA-1: 2aea16a0a6a95830026f04773f50dfc771dbb34f
SHA-256: a5075c30f6481d9e59245d8295812e7ee53caae52f59492899e65aa028e6a735
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The PDF file exhibits characteristics of malicious intent, primarily through the use of obfuscation, as indicated by the critical ClamAV heuristic 'Heuristics.PDF.ObfuscatedNameObject'. The presence of an embedded file and XFA form further suggests an attempt to conceal malicious content or functionality. While no specific delivery mechanism or payload is directly evident from the limited document body, the overall obfuscation points towards an attack pattern designed to evade security measures.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file (severity: low, tag: PDF_EMBEDDED)
    The PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • XFA form (severity: low, tag: PDF_XFA)
    The PDF uses XML Forms Architecture, which can contain script logic.