Malicious PDF — malware analysis report

Static analysis result for SHA-256 a750576a953cff44…

MALICIOUS

PDF

10.4 KB
MD5: 2de2703e90f54957089181c5cf875ab9
SHA-1: 6cf4b17f3b31a152b52b67fb95d8a29ba51250a0
SHA-256: a750576a953cff4472066f8b2ff9680dff17e7c4ba5de0953269b5e3022a5f88
Risk Score: 78

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1027 Obfuscated Files or Information

The PDF file exhibits characteristics of a malicious document, including obfuscated content and an embedded file. The ClamAV detection for 'Heuristics.PDF.ObfuscatedNameObject' and the presence of an embedded binary strongly suggest a malware delivery attempt. The embedded file, named 'embedded_file_obj0001.bin', is likely the payload.

Heuristics (4)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file (severity: low, tag: PDF_EMBEDDED)
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form (severity: low, tag: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Suspicious extracted artifact (severity: info, tag: EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0001.bin
SHA-256: f674cebe4e547147a4d91aae94e2f7ec8c390bf30078a884d351d10559085a59
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 1 at offset 0x80
Size: 13408 bytes
Detection: ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 long base64-like blob(s).