Malicious PDF — malware analysis report

Static analysis result for SHA-256 c222f88841e09a44…

Verdict: MALICIOUS
File type: PDF
Size: 4.2 KB
MD5: bf44fb793cfa0bfe4e8f4d5a6e75c257
SHA-1: 1d505284f4545e9862fcfe0eccac3e3e954120ad
SHA-256: c222f88841e09a4465b1da119250cce958279cf00b965c07915ef28917a318f4
Risk score: 66

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF file was flagged by a machine learning classifier as malicious and contains an embedded script payload. The presence of an embedded file object further supports the likelihood of malicious intent. The embedded script is the primary indicator of the attack pattern, suggesting it is intended to execute a secondary payload.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • Embedded script payload in PDF stream (severity: medium, rule PDF_EMBEDDED_SCRIPT_PAYLOAD)
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives; this is common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file (severity: low, rule PDF_EMBEDDED)
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • XFA form (severity: low, rule PDF_XFA)
    PDF uses XML Forms Architecture, which can contain script logic.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0008.bin
SHA-256: 8598f27cb16e7439f8c69981b1f023199f8b8b457ca45819da7f5436bfd8bd45
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 8 at offset 0xEA
Size: 12899 bytes

Note that the carved object (12899 bytes) is larger than the 4.2 KB sample that contains it, which is consistent with the embedded stream being stored compressed in the PDF and decoded during extraction; the carved file, not the raw stream bytes, is what the SHA-256 above identifies.