PDF malware analysis — malicious · d0e9f7bdbc25246c

MALICIOUS

PDF

10.4 KB

MD5: 629eaa43377bf63471d8783943f6b6f3 SHA-1: 10f1b1c4f03b6c5e7786c5a51c57b2b2f199c07f SHA-256: d0e9f7bdbc25246c9bc27877a8c6c68b2aea63ca08d63ee5886dab7dd918f617

78 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1027 Obfuscated Files or Information

The PDF file was detected by ClamAV as Pdf.Dropper.Agent-7306792-0, indicating it is a dropper. Static analysis revealed an embedded file artifact, which is a common technique for delivering secondary payloads. The presence of XFA forms and encoded blobs further supports the malicious nature of the document.

Heuristics 4

ClamAV: Pdf.Dropper.Agent-7306792-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7306792-0
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0001.bin` `f337ca796f9c1ecf279e76f818e8fdf00d3310aa4a2844e64bbada2c69862691`	pdf-embedded-file	PDF EmbeddedFile object 1 at offset 0x7C	13408 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.