Malicious PDF — malware analysis report

Static analysis result for SHA-256 b93beb384402d739…

MALICIOUS

PDF

146.6 KB Created: 2025-06-05 15:48:38 +00:00 Authoring application: Chromium (via Skia/PDF m127) First seen: 2026-06-10
MD5: f2a42e44e70cc1d06e6af8894913e4a8 SHA-1: b146e16963f21a630983d85b30f9d349d62948d9 SHA-256: b93beb384402d7395fa2cf32d6d6be8f7cf2f4740b2f880ed24f92159f51dfdf
60 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0003

Heuristics 2

  • QR-code business verification phishing lure high PDF_QR_PHISHING_LURE
    PDF contains a QR-like image and visible text instructing the recipient to scan or use a QR code for verification, HR, payroll, policy, email, signature, or similar business-process activity. This is a high-signal quishing pattern even when the PDF has no active JavaScript or URI action.
  • QR-code redirect lure medium SE_QR_LURE
    Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents

Extracted artifacts 4

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_002_off00007472.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x7472 49152 bytes
SHA-256: 913c6548457582e7961d92e396be8a7773f0070739a2723396f3e9ee479f4843
icc_00_off000001db.icc pdf-icc-profile PDF ICC profile at offset 0x1DB 536 bytes
SHA-256: d9f822e8083f2f4d1c91e887454be5f75e8c7144b2853408f361e3c4a7a6b36d
font_00_sfnt_off00015305.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x15305 53660 bytes
SHA-256: 3d82cfd735c778428b08dfeb73e556bdc21860ec089378753a04e60647f86acf
font_01_sfnt_off0001d68b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0x1D68B 31664 bytes
SHA-256: 99d9c490589e5738666533104ed64c3fb94ba36cdfc48316e0637c7c6f68b8ec