Malicious PDF — malware analysis report

Static analysis result for SHA-256 e33d320032cd2aae…

Verdict: MALICIOUS
File type: PDF
Size: 4.1 KB
MD5: a15a5076716194d1700b141ba9582609
SHA-1: 6b512c2269c0ae484304715274de04a97b364448
SHA-256: e33d320032cd2aae721ffe79c623f9bd85de40408d8bafb2d21aa34d95327b52
Risk score: 66

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1566.002 Phishing: Spearphishing Attachment

The PDF was flagged by a machine learning classifier with a very high probability of being malicious. Heuristics indicate the presence of an embedded script payload within a PDF stream, and an embedded file object. The document body content is heavily obfuscated and unreadable, suggesting it is not intended for human consumption but rather to facilitate the execution of the embedded payload.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • Embedded script payload in PDF stream (severity: medium, rule PDF_EMBEDDED_SCRIPT_PAYLOAD)
    PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
  • Embedded file (severity: low, rule PDF_EMBEDDED)
    PDF embeds a file attachment, which could carry an executable or another weaponised document as a nested payload.
  • XFA form (severity: low, rule PDF_XFA)
    PDF uses XML Forms Architecture, which can contain script logic.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: embedded_file_obj0008.bin
SHA-256: 46929f70c802fa999a902c11e522c8621acf5e6dad4f6b38738af0e8eb717247
Kind: pdf-embedded-file
Source: PDF EmbeddedFile object 8 at offset 0xEA
Size: 12484 bytes