PDF malware analysis — malicious · d126c9b751b3d7ab

MALICIOUS

PDF

10.4 KB

MD5: 66139268fcc43ab1d1ee6e00402eef52 SHA-1: 096249a05d1c23792d923c0fec32d362eebd03ae SHA-256: d126c9b751b3d7ab899eb48bc613a74da966c5f15b8a95a76171e0d811fbdc0d

78 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.001 PowerShell

The PDF document was flagged as malicious by ClamAV with the signature Pdf.Dropper.Agent-6290731-0. Static analysis revealed an embedded file, 'embedded_file_obj0001.bin', which is a strong indicator of a dropper or downloader. The XFA form heuristic also suggests a potentially complex or malicious document structure. The embedded file is the primary IOC.

Heuristics 4

ClamAV: Pdf.Dropper.Agent-6290731-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-6290731-0
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0001.bin` `26964e043d9d0d017d7ecbef2378d9e5be7cb9c06a2a5f856832a5c1a6599cd6`	pdf-embedded-file	PDF EmbeddedFile object 1 at offset 0x7C	13408 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.