Malicious PDF — malware analysis report

Static analysis result for SHA-256 db9bb0bad67a9464…

MALICIOUS

PDF

4.2 KB
MD5: b225e8f20e0f23acd710eb89bb33c0f8 SHA-1: 0ca84bf3f34db4b61f587fc21982621bb6a1d854 SHA-256: db9bb0bad67a9464de642ea699f02ecc96f4bc7a095c21c72d4c478e5388fbba
66 Risk Score

Malware Insights

MITRE ATT&CK
T1204 Malicious File Execution T1204.002 Malicious File Execution: User Execution

The PDF file contains an embedded script payload, indicated by the PDF_EMBEDDED_SCRIPT_PAYLOAD heuristic. The ML classifier also strongly flagged this PDF as malicious. The presence of an embedded script suggests an attempt to execute malicious code upon opening or interaction with the document, likely leading to further compromise.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_file_obj0008.bin
37470da5e4176768773eec60a2fd3af8564493064929667409e0bdd7216fec35		 pdf-embedded-file PDF EmbeddedFile object 8 at offset 0xEA 12843 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.