Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2264e1663c01dfc…

MALICIOUS

PDF

1.3 KB
MD5: 2ae9ff54bf996825fa50674e207686d7 SHA-1: 48b8eb8ac95a7db50cba7c492aa9121223132b1b SHA-256: c2264e1663c01dfc6385e448eb2a39dba76158ca4d53d4749c90f3140743840e
76 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The file is a PDF document identified as malicious by ClamAV due to obfuscated object names. The presence of XFA forms and embedded files suggests an attempt to exploit PDF vulnerabilities. While no specific exploit or payload is directly visible, the obfuscation and embedded file are strong indicators of malicious intent.

Heuristics 3

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic

Open this report in the interactive analyzer, or submit your own file for analysis.