Malicious PDF — malware analysis report

Static analysis result for SHA-256 adc0d0137653105f…

Verdict: MALICIOUS
File type: PDF
Size: 4.1 KB
MD5: 99bc8ce2fb07a706b77d77bbf0e1221b
SHA-1: 9725c7d14ceb1ed8bf42645bcd6fc006ca686e5b
SHA-256: adc0d0137653105fdbc327e2cd626d39aef085d3466b57ee24170b18dad349a6
Risk Score: 66

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

The PDF file exhibits multiple indicators of malicious intent, including an embedded script payload and an ML classifier flagging it with high confidence. The presence of an embedded file further suggests a multi-stage attack. The embedded script is the primary mechanism for delivering the malicious payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture, which can contain script logic.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0008.bin
SHA-256: e8bba0ece970ecdfe2c5010b6094547e68a701488cf68d058d944fde3bc07ce3
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 8 at offset 0xEA
Size: 12859 bytes