Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4eb4018e05c669f…

Verdict: MALICIOUS
File type: PDF
Size: 775.1 KB
Created: 2003-11-22 05:40:56 +05:30
Authoring application: Acrobat 4.05 Capture Plug-in for Windows000 (via Acrobat 4.05 Import Plug-in for Windows000)
First seen: 2015-08-19
MD5: d2060b4e95bc6fbed1a0aa6a4f6b5e8b
SHA-1: 67f9d687a01f6b8577d3023eeb5c265df11b6b23
SHA-256: c4eb4018e05c669ff5112a5824658cf52e850b7514fba86154779c3408ae9c8a
Risk score: 68

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment; T1204.002 User Execution: Malicious File

The PDF contains PRC/3D content, a parser surface that has repeatedly been exploited in Adobe Reader, and a stream that uses the ASCII85Decode filter alongside other exploit indicators. Taken together, these heuristics suggest the file is built to trigger a vulnerability in the PDF viewer rather than to display a document. No document body or script content could be recovered for further analysis, so the specific payload and delivery mechanism could not be determined.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0009 (a clean score this close to 0 means the classifier considers the file very unlikely to be benign)

Heuristics (3)

  • PRC/3D content in PDF (severity: high; CVE-related; ID: PDF_PRC_3D)
    PDF contains PRC 3D content. PRC/U3D parsers have been a recurring Adobe Reader attack surface; treat this as a related parser-exploit indicator rather than a match for a specific CVE.
  • Malformed active-content stream length (severity: medium; ID: PDF_MALFORMED_EXPLOIT_STREAM_LENGTH)
    A PDF stream that carries active or exploit-looking content declares a /Length that does not match the recovered stream body. Malformed stream boundaries and length mismatches are common parser-evasion tricks and supporting evidence around Reader exploit streams.
  • ASCII85Decode filter with exploit indicators (severity: low; ID: PDF_FILTER_85)
    ASCII85 is a legitimate encoding filter on its own, but when it is present alongside exploit delivery indicators it is consistent with obfuscation of the exploit stream.
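To make the three heuristics above concrete, here is an added example (not the scanner's code and not derived from the sample in this report) that runs the same checks over a constructed PDF. The sample PDF, the regular expressions, the `ACTIVE_CONTENT_KEYS` list and the extra `PDF_MALFORMED_STREAM_LENGTH` ID for non-active streams are all assumptions made for the example; the three report heuristic IDs and their severities are taken from the entries above. It deliberately uses object-level regex parsing rather than a full PDF parser, so object streams (/ObjStm), encrypted files and indirect /Length references are out of scope and are noted in the code.

```python
"""Minimal static triage for the three PDF heuristics in the report.

Added example, not the scanner's own implementation. Object-level regex
parsing is enough to show the checks; it is not a full PDF parser.
"""
import re

# Constructed sample (not the reported file): a one-page PDF with a /3D
# annotation whose PRC stream uses ASCII85Decode and declares a /Length
# shorter than its real body, plus a well-formed content stream to show
# the length check does not fire on clean streams.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Contents 6 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /3D /Rect [0 0 10 10] /3DD 5 0 R >>
endobj
5 0 obj
<< /Type /3D /Subtype /PRC /Filter /ASCII85Decode /Length 4 >>
stream
87cURD]i,"Ebo80~>
endstream
endobj
6 0 obj
<< /Length 9 >>
stream
BT ET q Q
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# Constructed clean control: one page-content stream, correct /Length.
CLEAN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Length 3 >>\nstream\nq Q\nendstream\nendobj\n"

# Dictionary keys (assumed list) that mark a stream as carrying active or
# exploit-prone content rather than plain page-drawing operators.
ACTIVE_CONTENT_KEYS = (b"/3D", b"/PRC", b"/U3D", b"/JavaScript", b"/JS",
                       b"/Launch", b"/RichMedia", b"/XFA", b"/AA")

# One indirect object: "N G obj ... endobj". Binary stream bodies that
# happen to contain "endobj" would truncate a match; acceptable for triage.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj\b", re.DOTALL)
# Stream dictionary followed by its body. Lazy matching stops at the first
# ">>" that is directly followed by the "stream" keyword.
STREAM_RE = re.compile(rb"(<<.*?>>)\s*stream\r?\n(.*?)endstream", re.DOTALL)


def has_prc_3d(pdf: bytes) -> bool:
    """PDF_PRC_3D: any 3D annotation or PRC/U3D stream dictionary."""
    return re.search(rb"/Subtype\s*/(3D|PRC|U3D)\b|/3DD\b", pdf) is not None


def has_ascii85(pdf: bytes) -> bool:
    """PDF_FILTER_85: ASCII85Decode filter or its inline-image abbreviation /A85."""
    return re.search(rb"/(ASCII85Decode|A85)\b", pdf) is not None


def stream_length_mismatches(pdf: bytes) -> list:
    """PDF_MALFORMED_EXPLOIT_STREAM_LENGTH: declared /Length vs. recovered body.

    Returns (object number, declared, actual, active) tuples. Streams whose
    /Length is an indirect reference such as "/Length 7 0 R" are skipped.
    """
    findings = []
    for obj in OBJ_RE.finditer(pdf):
        s = STREAM_RE.search(obj.group(3))
        if s is None:
            continue
        dct, body = s.group(1), s.group(2)
        length = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", dct)
        if length is None:
            continue  # indirect /Length: resolving it is out of scope here
        # The EOL before "endstream" is not part of the stream data.
        if body.endswith(b"\r\n"):
            body = body[:-2]
        elif body.endswith((b"\n", b"\r")):
            body = body[:-1]
        declared = int(length.group(1))
        if len(body) != declared:
            active = any(key in dct for key in ACTIVE_CONTENT_KEYS)
            findings.append((int(obj.group(1)), declared, len(body), active))
    return findings


def triage(pdf: bytes) -> dict:
    """Map the raw checks onto the report's heuristic IDs and severities."""
    hits = {}
    prc = has_prc_3d(pdf)
    if prc:
        hits["PDF_PRC_3D"] = "high"
    mismatches = stream_length_mismatches(pdf)
    if any(f[3] for f in mismatches):
        hits["PDF_MALFORMED_EXPLOIT_STREAM_LENGTH"] = "medium"
    elif mismatches:
        hits["PDF_MALFORMED_STREAM_LENGTH"] = "low"  # hypothetical ID, non-active streams
    if has_ascii85(pdf):
        # ASCII85 on its own is legitimate; it only counts next to other indicators.
        hits["PDF_FILTER_85"] = "low" if (prc or mismatches) else "info"
    return hits


if __name__ == "__main__":
    for name, data in (("sample", SAMPLE_PDF), ("clean", CLEAN_PDF)):
        print(name, triage(data))
        for obj_num, declared, actual, active in stream_length_mismatches(data):
            print(f"  obj {obj_num}: /Length {declared} but body is {actual} bytes (active={active})")
```

On the constructed sample the three report heuristics fire together (the PRC stream in object 5 declares /Length 4 against a 17-byte body), while the clean control produces no findings; on a real file the same length check should be run after object streams have been expanded and indirect /Length references resolved, otherwise evasive samples will simply be skipped.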