Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee7dd051d7b03cea…

Verdict: MALICIOUS
File type: PDF
Size: 69.5 KB
MD5: 0235a9d74308150c0408fbdf09bbd40d
SHA-1: bee2da4afb6ee4a7c77224514eddebb4040b391f
SHA-256: ee7dd051d7b03cea388c717997cd99a83daf9fbf14e5561bb7171376f8e8695c
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059 Command and Scripting Interpreter
  • T1059.001 PowerShell
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment
  • T1071.001 Web Protocols
  • T1105 Ingress Tool Transfer

The PDF file contains a critical heuristic firing indicating a Base64-encoded Windows executable payload. This payload is likely designed to be decoded and executed, potentially using process injection techniques as suggested by the API calls observed. The presence of an embedded executable within a PDF strongly suggests a malicious delivery mechanism, aiming to trick the user into opening the PDF and subsequently executing the embedded malware.

Heuristics (1)

  • Base64-encoded Windows executable payload in PDF [critical] PDF_BASE64_PE_PAYLOAD
    PDF text contains a long base64 blob that decodes to a verified Windows PE executable. This catches payloads hidden after EOF, inside comments, or in plain text outside normal PDF streams.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: base64_pdf_pe_000002fe.exe
    SHA-256: cac25a0c85ff0522a7105b86ac53326b6c5a8b9031d9ab76d5f39249c561bd20
    Kind: embedded-pe
    Source: PDF raw base64 PE payload at offset 0x2FE
    Size: 52736 bytes