Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8f0727888da10f5…

MALICIOUS

PDF

4.2 KB
MD5: ae6fc4ef08efe434f0b52f7ac84d2d8d SHA-1: 9022eefbacec3988e2222d28e1aecce5c1f70a3f SHA-256: c8f0727888da10f58ff19f9ffc9570e51baf13ada4957c301aeaca39ec7b15fb
66 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment T1071.001 Web Protocols

The PDF was flagged by a machine learning classifier with high confidence as malicious. Heuristics indicate the presence of an embedded script payload within a PDF stream, suggesting an attempt to execute malicious code. The PDF also contains an embedded file, which could be the secondary payload. The XFA form and embedded file heuristics further support the malicious nature of the document.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_file_obj0008.bin
a96a5cb86d1bed5260b231b9035337974ba1b85917326c3ff8538d6135bf1cbe		 pdf-embedded-file PDF EmbeddedFile object 8 at offset 0xEA 12866 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.