Malicious PDF — malware analysis report

Static analysis result for SHA-256 e5605a46a2b790ca…

MALICIOUS

PDF

1.0 KB First seen: 2026-05-11
MD5: 9653ae5ee7c7ad1938092a929b98c4e0 SHA-1: 7ea784f50d4a39f9db3d8662f4fcfebcd271a9aa SHA-256: e5605a46a2b790ca14aa95bf7a9f1c633adbb1eab99709bc5bcbc41f1a403d38
Risk Score: 66

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF document was identified as suspicious due to the presence of an embedded file and XFA form, both common techniques for obfuscating malicious content. A machine learning classifier assigned a very high probability of maliciousness (0.999955). While no specific malicious behavior was directly observed in the limited document body, the combination of these indicators strongly suggests an attempt to deliver a malicious payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • Malformed active-content stream length (severity: medium) [PDF_MALFORMED_EXPLOIT_STREAM_LENGTH]
    A PDF stream that carries active/exploit-looking content has a declared /Length that does not match the recovered stream body. Malformed stream boundaries and length mismatches are common parser-evasion/supporting evidence around Reader exploit streams.
  • Embedded file (severity: low) [PDF_EMBEDDED]
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload.
  • XFA form (severity: low) [PDF_XFA]
    PDF uses XML Forms Architecture — can contain script logic.