Malicious PDF — malware analysis report

Static analysis result for SHA-256 d5712f02d3b037fc…

Verdict: MALICIOUS
File type: PDF
Size: 13.0 KB
MD5: e99b2b2ea0785e78db3459645a76ef26
SHA-1: 8ccc85ead453416760d54c131c9d2745364daa09
SHA-256: d5712f02d3b037fcb38ba0d854acb58db2cfbfb9d212e902ace56f411b191fd9
Risk score: 150

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1566.001 Phishing: Spearphishing Attachment

The file is a 13.0 KB PDF that ClamAV flags as Win.Exploit.Jailbreak-1, and the same signature fires on the one artifact carved from it: an embedded CFF (Type1C) font program at offset 0x458 that is 40077 bytes once decoded. A detection that lands on an embedded font rather than on JavaScript or page content points at the reader's font parser as the exploited component, which fits an exploit-delivery document; this report does not identify the specific vulnerability. The Nyx PDF classifier independently scores the file as malicious (0.8897). No page content or scripts were recovered for further analysis, but a critical ClamAV detection on both the container and the carved font program is sufficient to classify the sample as malicious exploit delivery.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.8897

Heuristics (2)

  • ClamAV: Win.Exploit.Jailbreak-1 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Exploit.Jailbreak-1
  • ClamAV detection on extracted artifact [critical, EXTRACTED_FILE_CLAMAV]
    ClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator that the sample is a delivery vehicle.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_cff_off00000458.bin
SHA-256: ff9df09c736c5e5d33c316a0726797c58f0793cfb343a5c0e600f42283b5fff3
Kind: pdf-font-stream
Source: PDF embedded font (cff) at offset 0x458
Size: 40077 bytes
Detection: ClamAV: Win.Exploit.Jailbreak-1
Obfuscation or payload: unlikely
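Both heuristics above, the detection on the container and the detection on the carved artifact, come down to pulling embedded font streams out of the PDF and scanning each one on its own. The Python below is an added example of that carving step; it is not the analysis service's tooling or anything from this report. It builds a minimal PDF around a constructed stand-in blob (a CFF header plus filler, not the sample's font), follows the FontDescriptor's /FontFile3 reference to the font stream, decodes it, names the result in the report's font_NN_kind_offXXXXXXXX.bin style, and runs clamscan on it when ClamAV is installed. The offset it reports is that of the raw stream data in the file; that the report's 0x458 refers to the same position is an assumption.

```python
"""Carve embedded font programs out of a PDF and scan each with ClamAV.
Added example for this report, not the analysis service's tooling; the PDF
it runs on is constructed inline around a stand-in blob, not the sample."""
import hashlib, os, re, shutil, subprocess, tempfile, zlib

# Constructed stand-in for a CFF font program: a valid CFF header (major 1,
# minor 0, hdrSize 4, offSize 1) followed by filler.  Not a real font.
FAKE_CFF = b"\x01\x00\x04\x01" + bytes(range(256)) * 4

# FontDescriptor keys that reference an embedded font program, mapped to the
# "kind" label used in the report's artifact names.
FONT_REFS = {
    "cff": re.compile(rb"/FontFile3\s+(\d+)\s+\d+\s+R"),       # Type1C / CIDFontType0C
    "truetype": re.compile(rb"/FontFile2\s+(\d+)\s+\d+\s+R"),
    "type1": re.compile(rb"/FontFile\s+(\d+)\s+\d+\s+R"),
}
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)endobj", re.DOTALL)

def build_sample_pdf(font_program: bytes) -> bytes:
    """Minimal PDF embedding font_program as a Flate-compressed Type1C font."""
    comp = zlib.compress(font_program)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Resources << /Font << /F1 4 0 R >> >> >>",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Stub /FontDescriptor 5 0 R >>",
        b"<< /Type /FontDescriptor /FontName /Stub /FontFile3 6 0 R >>",
        b"<< /Subtype /Type1C /Filter /FlateDecode /Length %d >>\nstream\n" % len(comp)
        + comp + b"\nendstream",
    ]
    out = bytearray(b"%PDF-1.4\n")
    for num, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return bytes(out + b"trailer\n<< /Root 1 0 R >>\n%EOF\n")

def _carve_stream(pdf: bytes, body_off: int, body: bytes, kind: str):
    """Decode the stream in one object body.  The reported offset is that of
    the raw stream data in the file (assumed to match the report's 0x458)."""
    m = re.search(rb"stream\r?\n", body)
    if m is None:
        return None
    data_off, stream_dict = body_off + m.end(), body[:m.start()]
    # Use a direct /Length; an indirect "/Length n 0 R" falls back to endstream.
    length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", stream_dict)
    if length:
        raw = pdf[data_off:data_off + int(length.group(1))]
    else:
        end = body.find(b"endstream", m.end())
        if end < 0:
            return None
        raw = re.sub(rb"\r?\n?\Z", b"", body[m.end():end])  # drop EOL before endstream
    data = raw
    if b"/FlateDecode" in stream_dict:
        try:
            data = zlib.decompress(raw)
        except zlib.error:
            pass  # corrupt or truncated stream: keep the raw bytes for inspection
    return {"kind": kind, "offset": data_off, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(), "data": data}

def carve_fonts(pdf: bytes) -> list:
    """Follow every FontDescriptor's FontFile reference and carve the stream."""
    objects = {int(m.group(1)): (m.start(2), m.group(2)) for m in OBJ_RE.finditer(pdf)}
    artifacts = []
    for _, body in objects.values():
        if b"/FontDescriptor" not in body:
            continue
        for kind, ref_re in FONT_REFS.items():
            for ref in ref_re.finditer(body):
                target = objects.get(int(ref.group(1)))   # None: dangling reference
                art = _carve_stream(pdf, *target, kind) if target else None
                if art is not None:
                    artifacts.append(art)
    return artifacts

def artifact_name(index: int, art: dict) -> str:
    """Report-style name: font_<index>_<kind>_off<hex offset>.bin."""
    return "font_%02d_%s_off%08x.bin" % (index, art["kind"], art["offset"])

def scan_with_clamav(artifacts: list, outdir: str) -> dict:
    """Write each artifact to outdir and return {name: clamscan verdict line}."""
    clamscan = shutil.which("clamscan")
    verdicts = {}
    for i, art in enumerate(artifacts):
        name = artifact_name(i, art)
        path = os.path.join(outdir, name)
        with open(path, "wb") as fh:
            fh.write(art["data"])
        if clamscan is None:
            verdicts[name] = "clamscan not installed"
            continue
        # clamscan prints "<path>: <signature> FOUND" or "<path>: OK" per file
        # and exits 0 clean / 1 infected / 2 error.
        proc = subprocess.run([clamscan, "--no-summary", path], capture_output=True, text=True)
        verdicts[name] = proc.stdout.strip() or "clamscan exit %d" % proc.returncode
    return verdicts

if __name__ == "__main__":
    pdf = build_sample_pdf(FAKE_CFF)
    arts = carve_fonts(pdf)
    for i, art in enumerate(arts):
        print(artifact_name(i, art), art["size"], "bytes", "sha256=" + art["sha256"])
    with tempfile.TemporaryDirectory() as tmp:
        for name, verdict in scan_with_clamav(arts, tmp).items():
            print(name, "->", verdict)
```

Run the script as-is to see the carved stand-in and, with ClamAV present, its verdict; scanning the container itself with clamscan --no-summary reproduces the first heuristic. Point carve_fonts at a real PDF's bytes to carve its fonts. The object scanner is deliberately simple: fonts whose FontDescriptor lives inside a compressed object stream (/ObjStm), as is common in PDF 1.5 and later, need a full PDF parser, and a stream hit that fails to inflate is returned raw rather than dropped, since a corrupt font stream is itself worth a look.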