PDF malware analysis — malicious · bd1a89e2a6de11cc

MALICIOUS

PDF

10.7 KB Created: QMdfOpAmjua

MD5: bef547431eb7749954c0e82d8c75e300 SHA-1: e296d4f0b3d4515725b35f1083150e60a61fd29e SHA-256: bd1a89e2a6de11cc3c223ab17911e06d6ea5a9e72900de2ab04a3c7cac668d13

68 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The PDF sample was flagged by a machine learning classifier as malicious with a high confidence score. Static analysis revealed an embedded script payload and an embedded file, indicating a likely exploit delivery mechanism. The presence of these elements strongly suggests the document is designed to download and execute a secondary malicious payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD

PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0011.bin` `8e28f3e3394e6a93ddeea97d4214dd721fc4266317d4e38e43d75c8c1cf75bde`	pdf-embedded-file	PDF EmbeddedFile object 11 at offset 0x7D1	16090 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.