PDF malware analysis — malicious · aba8065669c06187

MALICIOUS

PDF

12.6 KB Authoring application: Python PDF Library 055 http072057057pybrary056net057pyPdf057

MD5: 7f306263280b136e3c339f5c950d1d02 SHA-1: e8178f1f726955696923e755736c372512bab58a SHA-256: aba8065669c06187f32d4cba1e5863970e1491814f710d94c79549c3511cce11

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

This PDF file contains embedded JavaScript and RichMedia (Flash) content, indicating an attempt to exploit vulnerabilities. The embedded file 'sploit.swf' is highly suspicious. While the embedded URL was confirmed benign, the presence of exploit-related content suggests a malicious intent, likely to deliver a secondary payload or exploit a browser/PDF reader vulnerability.

Heuristics 5

RichMedia (Flash) high PDF_RICHMEDIA

PDF contains /RichMedia (Adobe Flash) which is a historic exploit vector
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://adobe.com/AS3/2006/builtin

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`sploit.swf` `70e6dbce3b11aaece2d38f1d315dee7736c7ab9138a74cdadc8126393c857018`	pdf-embedded-file	PDF EmbeddedFile object 8 at offset 0xDD8	781 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.