Malicious PDF — malware analysis report

Static analysis result for SHA-256 b7c56cc5cdef43fb…

Verdict: MALICIOUS
File type: PDF
Size: 7.1 KB
MD5: c08313f74894636eae88048561a89852
SHA-1: 7b8ad7f7899bf71b56573550a947fbfb5cd7da82
SHA-256: b7c56cc5cdef43fbde969038cdf652ffb30d5165e7fa0a0dd5b8676e88cf1019
Risk Score: 64

Malware Insights

MITRE ATT&CK
  • T1559.002 Component Object Model Hijacking
  • T1204.002 Malicious File

The PDF contains embedded Flash content, indicated by the PDF_RICHMEDIA and PDF_EMBEDDED heuristics. The embedded file is named 'exploit.swf', strongly suggesting its malicious intent. This type of embedding is often used to deliver exploits targeting Flash Player vulnerabilities or to host further stages of an attack. No JavaScript or VBA scripts were extracted, limiting the analysis of direct execution methods.

Heuristics (4)

  • RichMedia (Flash) [severity: high, rule: PDF_RICHMEDIA]
    PDF contains /RichMedia (Adobe Flash), which is a historic exploit vector.
  • JavaScript action [severity: low, rule: PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [severity: low, rule: PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded file [severity: low, rule: PDF_EMBEDDED]
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  Filename: exploit.swf
  SHA-256:  cb7af0e67e2a0a76b8e50dd10996c7312a378dc5589bba1b97edfe55b7ea61cc
  Kind:     pdf-embedded-file
  Source:   PDF EmbeddedFile object 14 at offset 0x4D5
  Size:     3764 bytes