MALICIOUS
110
Risk Score
Malware Insights
MITRE ATT&CK
T1566.003 Phishing: Exploiting Trust in Email
T1204.002 Malicious File: User Execution: Malicious File
The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for obfuscated objects and an ML classifier indicating high maliciousness. The presence of an embedded file further supports the malicious nature. The document body is heavily obfuscated and unreadable, suggesting an attempt to hide malicious content. The primary attack vector appears to be exploiting a PDF vulnerability to deliver a secondary payload, as indicated by the embedded file.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 4
-
ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTIONClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
-
Embedded file low PDF_EMBEDDEDPDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
-
XFA form low PDF_XFAPDF uses XML Forms Architecture — can contain script logic
-
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGEOne or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
embedded_file_obj0001.binec825329b13a4ec19215bfce5cb2fc11110678de50792e62403b914ec7c97740 |
pdf-embedded-file | PDF EmbeddedFile object 1 at offset 0x80 | 13408 bytes |
|
Detection
ClamAV:
No threats found
Obfuscation or payload:
likely
Carved artifact contains 1 long base64-like blob(s).
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.