Malicious PDF — malware analysis report

Static analysis result for SHA-256 e2d527879889391b…

MALICIOUS

PDF

8.3 KB
MD5: bca59fc2a89b1db6d1398981bdedc8fc SHA-1: 0e275e7f88351bb35f1f96c7d80d5dafa7f3d77c SHA-256: e2d527879889391b736e499f5bae88dac5630d5b33ed978833f25a7fb1212215
66 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF file contains embedded content and an embedded script payload, strongly indicating malicious intent. The ML classifier also flagged this PDF with high confidence. While no specific family is identified, the presence of embedded scripts and files points to a common delivery technique for malware. The embedded URLs are related to XFA forms, which have been historically exploited.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9964

Heuristics 4

  • Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xci/1.0/
    • http://www.xfa.org/schema/xfa-template/2.5/

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_file_obj0008.bin
04462f810d6eacdacecc9d0a5f3f81bebc722af4415e04da19b520338f642b51		 pdf-embedded-file PDF EmbeddedFile object 8 at offset 0xD7 67 bytes
embedded_file_obj0009.bin
e2e0f6c5cb2e0b2697da89386bfc3718eedaf1b6a2b1d24dd1176d27117bf77a		 pdf-embedded-file PDF EmbeddedFile object 9 at offset 0x162 781 bytes
embedded_file_obj0010.bin
45c6313a70c534019cc5824825e927269c8e9e5955559ca35419268e1686932d		 pdf-embedded-file PDF EmbeddedFile object 10 at offset 0x4BA 81 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.