Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff3db035b5b23465…

Verdict: MALICIOUS
File type: PDF
Size: 10.5 KB
MD5: 6b5c5016203f6d7860df9d4d3ca878b4
SHA-1: 4ed6c32105e7eef76b2468c22633862383fef171
SHA-256: ff3db035b5b23465560915f1129d034499dc2d30753cc6353dda153d2231ab40
Risk Score: 76

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document identified as malicious by ClamAV due to obfuscated object names, suggesting an attempt to evade detection. The presence of XFA forms and an embedded file further indicates a malicious structure, likely intended to exploit a PDF vulnerability for payload delivery. No specific IOCs were extracted, and the document body was unreadable.

Heuristics (3)

  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • Embedded file [low] (PDF_EMBEDDED)
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form [low] (PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic