PDF malware analysis — malicious · f0dd20db2a269f43

MALICIOUS

PDF

102.9 KB Created: ÓQíÇíÇZÙGµsCvDÑQ_÷ Authoring application: Çl%±§Å]-OVþÙ (via ÖL¿ô¶å!ÔS~6ÁfS ¾)"^q² °) First seen: 2026-05-04

MD5: f611d658303fb1b38b764f3ef08d4704 SHA-1: 672fd25a514eaf9aa564fd659caa5f8a6e67bf86 SHA-256: f0dd20db2a269f4394bd53921f5a3d538b91cea78321a8cf7388000de34064fc

92 Risk Score

Machine Learning

Nyx PDF Classifier clean score 0.0039

Heuristics 4

Suspicious extracted artifact medium EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Encrypted PDF (string and stream contents are opaque to static scan) info PDF_ENCRYPTED

PDF declares /Encrypt — string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.iec.ch In PDF document text

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`brshw.ex`	pdf-embedded-file	PDF EmbeddedFile object 86 at offset 0x6608	14316 bytes
SHA-256: `644c7b91275e00ba78b3e543890579464f8cd229b3a403768dbc42ddaee96631`
Detection ClamAV: Win.Worm.FunnyPics-1 Obfuscation or payload: likely actual_type=PE; declared_or_context_type=PDF; filename=brshw.ex; kind=pdf-embedded-file
`icc_00_off00004552.icc`	pdf-icc-profile	PDF ICC profile at offset 0x4552	408 bytes
SHA-256: `653b586c4707574ffcd648ba35494daed2c76ceafcf4c07d315ed961b1dc347f`
`icc_01_off00004678.icc`	pdf-icc-profile	PDF ICC profile at offset 0x4678	3144 bytes
SHA-256: `2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e`
`embedded_file_obj0086.bin`	pdf-embedded-file	PDF EmbeddedFile object 86 at offset 0x662D	14316 bytes
SHA-256: `b731faf1d005c0dff01f908f594f0aa0938724c48552246d21c326e3c4e182ff`
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact entropy is 7.99, consistent with packed or encrypted content.

Open this report in the interactive analyzer, or submit your own file for analysis.