Malicious PDF — malware analysis report

Static analysis result for SHA-256 2f6b70e874029706…

Verdict: MALICIOUS
File type: PDF
Size: 120.7 KB
MD5: 77da399dcefb830c3552b7403f16666f
SHA-1: 092bb8700db5ec500b07f9c39143a5d66948057e
SHA-256: 2f6b70e874029706ecedbb90e236cd771e01572185f4cd1cec87c0d9497544b3
Risk score: 70

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1204.002 Malicious Link: Malicious File

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Dropped-78. It contains an embedded URL and utilizes XFA forms, which are often associated with exploits. The presence of XFA forms and an embedded URL suggests the document is designed to lure the user into triggering an exploit that downloads a secondary payload.

Heuristics (4)

  • ClamAV: Pdf.Exploit.Dropped-78 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form [low, PDF_XFA]
    PDF uses XML Forms Architecture (XFA), which can carry script logic inside the form definition.
  • PDF differential parser failed [info, PDF_DIFFERENTIAL_PARSE_FAILED]
    The cross-check parser (pdfminer.six) failed on this file with PSEOF (premature end of file). Static heuristics still ran and the findings above remain valid; only the differential cross-check signal is missing.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/
    Note: this URL is the XML namespace URI declared by XFA template 2.5 form data, not a link to external content, so on its own it is expected in any XFA document.