Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2c8a46452cbe911…

MALICIOUS

PDF

108.6 KB Created: 2024-09-09 21:34:12 +00:00 Authoring application: Chromium (via Skia/PDF m127) First seen: 2026-06-10
MD5: 5c2b2c547f918216544b854de9c4501b SHA-1: f969a4d14458f29bb56d05aa4c223e2de890611f SHA-256: b2c8a46452cbe911f13e8b88ad3f11f9a13f49c9f42babaa3fde2546fa9406dc
60 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0004

Heuristics 2

  • MFA / one-time-code harvesting lure high SE_MFA_LURE
    Document asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication
  • Document signing service impersonation lure medium SE_DOCUSIGN_LURE
    Document impersonates DocuSign, Adobe Sign, or a similar signing service in a signing-request context

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
icc_00_off000000f9.icc pdf-icc-profile PDF ICC profile at offset 0xF9 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off0000afb5.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xAFB5 37868 bytes
SHA-256: 363e70a5f0391238e0fd7e717aeaae83e1711ca775471e3dcc1d51c16b8a94bc
font_01_sfnt_off00010b9a.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x10B9A 60692 bytes
SHA-256: 62d12573345d667ad8ff4ac558e3c728b870a344d0046ed12b576fdcb162f49a