Malicious PDF — malware analysis report

Static analysis result for SHA-256 f71081e6d5cd9c9d…

MALICIOUS

PDF

10.4 KB
MD5: 87c39074b526a90ab8aa496f40aa2101 SHA-1: 7754da8d823a96c17c4665961013fe2021e017ea SHA-256: f71081e6d5cd9c9d2148d132c8e61cd09039db712cb99da826da8d5a945df643
78 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1027 Obfuscated Files or Information

The PDF file exhibits characteristics of malicious intent, including obfuscated object names and the presence of an embedded file. The ClamAV heuristic 'Heuristics.PDF.ObfuscatedNameObject' strongly suggests malicious activity. The embedded file, named 'embedded_file_obj0001.bin', is likely the payload. Due to the lack of readable document body text and script content, the exact nature of the attack and the specific malware family remain undetermined.

Heuristics 4

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE
    One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
embedded_file_obj0001.bin
a1e40e80aaa024b6d0d4fff83a8039ddb00b709585294f53e8f4fb2d1d2a8eaf		 pdf-embedded-file PDF EmbeddedFile object 1 at offset 0x7E 13408 bytes
Detection
ClamAV: No threats found
Obfuscation or payload: likely
Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.