MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
The primary indicator of maliciousness is the critical ClamAV detection of the EICAR test signature, both directly and within an embedded artifact. This confirms the file's nature as a test case for security software. No other malicious indicators were found.
Heuristics 4
-
ClamAV: Eicar-Test-Signature critical CLAMAV_DETECTIONClamAV detected this file as malware: Eicar-Test-Signature
-
ClamAV detection on extracted artifact critical EXTRACTED_FILE_CLAMAVClamAV flagged at least one file extracted from inside this sample. Even when the wrapping document carries no AV detection of its own, a hit on the carved artifact is a strong indicator the sample is a delivery vehicle.
-
Embedded file low PDF_EMBEDDEDPDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/g/img/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
eicar.com275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f |
pdf-embedded-file | PDF EmbeddedFile object 36 at offset 0xD6D0 | 68 bytes |
|
Detection
ClamAV:
Eicar-Test-Signature
Obfuscation or payload:
unlikely
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.