Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8736e891cb99057…

Verdict: MALICIOUS
Type: PDF
Size: 2.1 KB
MD5: 6b534bef7e5f088ff2b7337833d79c95
SHA-1: c7199d353aca93596e9b38f398a086b0631f550b
SHA-256: b8736e891cb99057ae7b10af1349c6744d34e575b0ed1308480adbaf61f6f18c
Risk Score: 78

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF file contains an embedded artifact that triggers a critical heuristic for CVE-2010-0188, an Adobe Reader LibTIFF XFA image exploit. This indicates the file is designed to exploit this specific vulnerability for initial execution. No document body text was available for further analysis of the lure, but the exploit itself is the primary indicator of malicious intent.

Heuristics (4)

  • Adobe Reader LibTIFF XFA image exploit — CVE-2010-0188 (severity: critical; CVE likely; id: CVE_2010_0188)
    PDF contains XFA image data with an inline crafted TIFF payload and shellcode/delivery markers. This is the data-bound variant of the CVE-2010-0188 Adobe Reader LibTIFF/XFA exploit shape.
  • Embedded file (severity: low; id: PDF_EMBEDDED)
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload.
  • XFA form (severity: low; id: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic.
  • Suspicious extracted artifact (severity: info; id: EXTRACTED_FILE_STATIC_TRIAGE)
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0001.bin
SHA-256: da5da177a91122687b2f2cfc505b8aa88620fe542ee503cb059adec81c3befbd
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 1 at offset 0x51
Size: 12213 bytes
Detection:
  ClamAV: No threats found
  Obfuscation or payload: likely
  Carved artifact contains 1 long base64-like blob(s).