Malicious PDF — malware analysis report

Static analysis result for SHA-256 ce118e4a87e2b10f…

Verdict: MALICIOUS
File type: PDF
Size: 132.8 KB
MD5: 82f5b4bff3cd516fdd273f1b5dbe0847
SHA-1: dcaee7b369af54623e5bff8b53785a7cd0839e5e
SHA-256: ce118e4a87e2b10ff3132d4c6e5075b2aefb54b341b661a601fd03b3641950c5
Risk score: 60

Malware Insights

MITRE ATT&CK
T1059 Command and Scripting Interpreter

Static analysis flags two structural anomalies. First, a complete secondary PDF body begins at offset 0x6A8B and runs for 108717 bytes (27275 + 108717 = 135992 bytes, i.e. 132.8 KB), so it reaches the end of the file; the ICC profile and every carved font except font_00 lie inside that span, which means the outer PDF is little more than a wrapper around the hidden one. Second, the parser raised multiple 'PDF_DANGLING_INDIRECT' alerts (indirect references "N G R" to objects that are never defined), which indicates a malformed or deliberately obfuscated object structure. ICC profiles and CFF font streams are ordinary PDF content and are not suspicious on their own; what matters here is that they belong to the inner body. No JavaScript, URL or launch-action finding is recorded in this report, so the T1059 mapping rests on the verdict rather than on an observed script, and the exact attack vector remains unclear. The layout is consistent with an attempt to evade scanners that parse from the first header, or to reach a vulnerable parser with the inner body, but confirming that requires inspecting the carved child PDF and running the sample dynamically.

Heuristics (1)

  • Secondary embedded PDF body has suspicious static findings (critical) POLYGLOT_CHILD_PDF_STATIC_TRIAGE
    A valid PDF body was found at a nonzero offset inside another container and its carved contents matched PDF exploit or lure heuristics. This catches polyglots where the top-level magic routes the file to a ZIP/OLE parser while a PDF reader or downstream parser opens the hidden PDF payload. In this sample the outer container is itself a PDF, so the relevant split is between tools that parse from the first header and readers that locate the trailer from the end of the file, where the secondary body ends.

Extracted artifacts (16)

Files carved from inside the sample during analysis. Offsets are from the start of the sample; the hash under each entry is the SHA-256 of the carved artifact.

Filename                            Kind                Source                                                    Size
icc_00_off00012a80.icc              pdf-icc-profile     PDF ICC profile at offset 0x12A80                         3144 bytes
  SHA-256: 2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e
font_00_cff_off00001930.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x1930                  2136 bytes
  SHA-256: f5cdce540671c23748f267424700f9a3c16611c37e335556255521108eb540f9
font_02_cff_off00009ded.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x9DED                  22119 bytes
  SHA-256: 794a2d2599e4fc29587fb21fe9c133c1796b2e2acc98b362576e7ef3f3657c1e
font_03_cff_off0000e2ac.bin         pdf-font-stream     PDF embedded font (cff) at offset 0xE2AC                  2956 bytes
  SHA-256: 36f0d8727297ac6ce8f0f8eeda4b8c086f02234afd1922e5577927234e777b08
font_04_cff_off0000f729.bin         pdf-font-stream     PDF embedded font (cff) at offset 0xF729                  558 bytes
  SHA-256: 1054dda794c74ffffbcca7c564c2a68b0bcb141498c38f7b925bd016add9627d
font_05_cff_off0000f9b5.bin         pdf-font-stream     PDF embedded font (cff) at offset 0xF9B5                  1544 bytes
  SHA-256: f2a1c4b25c06c387c3525d89fff65c64a9c013357592b644ca51d6ac1f939535
font_06_cff_off00010219.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x10219                 1215 bytes
  SHA-256: 7be4532927a409108f4f87d41d516f99361a674ec1ed2eed831dbc178a0f1887
font_07_cff_off000134e9.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x134E9                 3786 bytes
  SHA-256: 445439d448e05e3f462c154e22b184ecde541c1cfb930894112df139e2a05dc1
font_08_cff_off000140db.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x140DB                 5276 bytes
  SHA-256: 6049b08bf8dc8600941e974ed853dfc8ed905c8aafbef2906655e6da27e7a281
font_09_cff_off0001546e.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x1546E                 338 bytes
  SHA-256: abf64e933c46ca47721caf82abdfcc42cd1d6ed875b1ab50475bf47505b8d06a
font_10_cff_off00015619.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x15619                 131 bytes
  SHA-256: cc3808ac9def1e983fd54d2dd255d1e418fd1292201cb9ba00b14fab56f5d363
font_11_cff_off000156f3.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x156F3                 1010 bytes
  SHA-256: e351b69c1d2ce9e3027017434e7cd4b0ffb3738d540faa25199989ecda96fd9a
font_12_cff_off0002001f.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x2001F                 1074 bytes
  SHA-256: a0c7a2b4fbeaa35124ad6d03abd57e7fc9b45e42bdd8c453615dc94b0c856c87
font_13_cff_off0002054e.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x2054E                 351 bytes
  SHA-256: 4e6c8cf6929d3de9d36ccad411bce262c276b7be06ad07eaa6591ca01d3adc60
font_14_cff_off000207b9.bin         pdf-font-stream     PDF embedded font (cff) at offset 0x207B9                 105 bytes
  SHA-256: 7c626e634567f62f0f5a6a26d89bd1b16eb1af54f1d73037184810d268ddefe1
polyglot_child_pdf_off00006a8b.pdf  polyglot-child-pdf  Secondary PDF body inside pdf container at offset 0x6A8B  108717 bytes
  SHA-256: 0b5e423ff30ae18db9bdcdeea3e002694d89ae4ea13e84dedd68ae470d693b70