PDF malware analysis — malicious · f7976d16345e3ba1

MALICIOUS

PDF

18.6 KB

MD5: 355404ad5daaf21476abc16820a62251 SHA-1: c1b10665e6b59d8436dfc7b45cf0d4fb23f016b8 SHA-256: f7976d16345e3ba18d2115307c998334d21edd55eb9b41dc14a759a12c0d665f

68 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1566.001 Spearphishing Attachment T1027 Obfuscated Files or Information

The PDF was flagged by a machine learning classifier as malicious with high confidence. Static analysis revealed an embedded script payload and an embedded file, indicating the document is designed to deliver and potentially execute additional malware. The ML_NYX_PDF_MALICIOUS heuristic firing strongly supports this assessment.

Machine Learning

Nyx PDF Classifier malicious score 0.9999

Heuristics 4

Embedded script payload in PDF stream medium PDF_EMBEDDED_SCRIPT_PAYLOAD

PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Suspicious extracted artifact info EXTRACTED_FILE_STATIC_TRIAGE

One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`embedded_file_obj0071.bin` `a1b35218092558bad260b117d3f24375bfb6166be66e19f11dd849f528c90e05`	pdf-embedded-file	PDF EmbeddedFile object 71 at offset 0x5C	24936 bytes
Detection ClamAV: No threats found Obfuscation or payload: likely Carved artifact contains 1 long base64-like blob(s).

Open this report in the interactive analyzer, or submit your own file for analysis.