Malicious PDF — malware analysis report

Static analysis result for SHA-256 dcdb78ad1a33c91b…

MALICIOUS

PDF

Size: 65.3 KB
Created: 2026-04-10 11:14:26 +02:00
Authoring application: Writer (via LibreOffice 24.2)
First seen: 2026-05-29
MD5: c762e271fdd67bf06368b0495057e987
SHA-1: 3cfa0a30bf44866570487074748dc116fccdfac6
SHA-256: dcdb78ad1a33c91b1229cb8cfd995337e6031b1eb4ef75d753e0368ab6a900fe
Risk Score: 72

Machine Learning

  • Nyx PDF Classifier clean score 0.0171

Heuristics 3

  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://www.daf-mag.fr/Thematique/achats-1033/Breves/lettre-recommandee-electronique-toute-securite-245950.htm (PDF link annotation)
    • http://www.lesnewsdunet.com/lesactus/communique-1411725362.html (In PDF document text)
    • http://www.paris-communiques.com/communiques/tessicommuniques.com/ (In PDF document text)
    • http://www.daf-mag.fr/Thematique/achats-1033/Breves/lettre-recommandee- (PDF link annotation)
    • http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed (In PDF document text)
    • http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
    • http://www.aiim.org/pdfa/ns/id/ (In PDF document text)
    • http://www.aiim.org/pdfa/ns/extension/ (In PDF document text)
    • http://www.aiim.org/pdfa/ns/schema# (In PDF document text)
    • http://www.aiim.org/pdfa/ns/property# (In PDF document text)
    • http://www.aiim.org/pdfua/ns/id/ (In PDF document text)
    • http://ns.adobe.com/pdf/1.3/ (In PDF document text)
    • http://ns.adobe.com/xap/1.0/ (In PDF document text)
    • http://scripts.sil.org/OFL (In PDF document text)

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename / Kind / Source / Size

  • EICAR.txt / pdf-embedded-file / PDF EmbeddedFile object 17 at offset 0x528C / 68 bytes
    SHA-256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
    Detection: ClamAV: Eicar-Test-Signature
    Obfuscation or payload: unlikely
  • font_00_sfnt_off00009eb8.bin / pdf-font-stream / PDF embedded font (sfnt) at offset 0x9EB8 / 24308 bytes
    SHA-256: ce611066d2653183c8904da9522174189eac305b4462fb881191560688b1661a
  • font_01_sfnt_off0000d859.bin / pdf-font-stream / PDF embedded font (sfnt) at offset 0xD859 / 12640 bytes
    SHA-256: 7fa220c30363cd4f8618c7c0e6fef7520cd4a1d08ceae53ebe1d49db9f10c341
  • font_02_sfnt_off0000f65c.bin / pdf-font-stream / PDF embedded font (sfnt) at offset 0xF65C / 3340 bytes
    SHA-256: 4e3a4774baa10bedbef1130190f56a5ca29f0e1168fb3b7d13ce36b53ea1b9dd