Malicious PDF — malware analysis report

Static analysis result for SHA-256 26ca1a5379c739d9…

Verdict: MALICIOUS
File type: PDF
Size: 120.7 KB
MD5: 3a45927ffc3c2b7071445b9959224b76
SHA-1: 29b4128638fd1fa47f475d4d71e05c9b8da89987
SHA-256: 26ca1a5379c739d9222b87e2934acfd62e865c14f353e966c540aeeae4d4123c
Risk Score: 68

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The critical-severity ClamAV detection, Pdf.Exploit.Dropped-78, is what marks this PDF as malicious. The embedded URL, although it looks benign on its own, is the kind of artifact that often accompanies exploit delivery. The XFA form heuristic indicates the document may use Adobe's XML Forms Architecture, whose form logic can carry script and may be leveraged for exploitation.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-78 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form (severity: low, tag: PDF_XFA)
    PDF uses XML Forms Architecture, which can contain script logic
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/