MALICIOUS
106
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The file was detected as malicious by ML classifiers and ClamAV, specifically as Pdf.Exploit.Agent-36928. Static analysis revealed embedded files and an XFA form, common characteristics of malicious PDFs designed to exploit vulnerabilities or deliver secondary payloads. The embedded URL, while seemingly benign, is part of the overall malicious structure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
ClamAV: Pdf.Exploit.Agent-36928 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Exploit.Agent-36928
-
Embedded file low PDF_EMBEDDEDPDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
-
XFA form low PDF_XFAPDF uses XML Forms Architecture — can contain script logic
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.xfa.org/schema/xfa-locale-set/2.1/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
embedded_file_obj0041.binc06dcd026a7ea0536b63e07ce688691b585339a3ab7ff59065e546b56308c7bb |
pdf-embedded-file | PDF EmbeddedFile object 41 at offset 0x1651 | 85 bytes |
embedded_file_obj0044.bin3dd68f00f4fcb366a2a3a17c65cb2626eeddf5ea5713302d374310561d810169 |
pdf-embedded-file | PDF EmbeddedFile object 44 at offset 0x17C0 | 144 bytes |
embedded_file_obj0045.bin10c03f88a5f0a0833dc5b2c8ac295b3a3c6f65e23889eb8cc1dc6fe29bf7f275 |
pdf-embedded-file | PDF EmbeddedFile object 45 at offset 0x186C | 77 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.