PDF malware analysis — malicious · 223648a31782999f

MALICIOUS

PDF

46.8 KB

MD5: 70882582cea42e6b3d54fbd478dc0571 SHA-1: e45cdaae32f87d969bc513725b1dc73b2b67e110 SHA-256: 223648a31782999fc3dd432f95b750cf6a3181c22cf580c71ab635c421f784b8

70 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious Link T1204.002 Malicious Link: Malicious File

The file is a PDF document identified by ClamAV as Pdf.Exploit.Dropped-78, indicating it's a known exploit dropper. The presence of an embedded URL, although seemingly benign, is often used in conjunction with exploit code within PDF files to download secondary payloads. The XFA form detected suggests a complex structure often leveraged for exploitation.

Heuristics 4

ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSEOF. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.