Malicious PDF — malware analysis report

Static analysis result for SHA-256 331d0e2ed56c7cb0…

MALICIOUS

PDF

120.0 KB
MD5: 959b1963b5bff13c0247e7839123c048 SHA-1: eb018cf7c89cdb8b8fe6c07838a10c71728b4390 SHA-256: 331d0e2ed56c7cb086c4045126405421c917c6d6c18de30026b4a9249757f8c0
68 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious File

The PDF file contains an XFA form, which is a known vector for exploitation. ClamAV identified this file as Pdf.Exploit.Dropped-78, indicating it's designed to drop malicious content. The embedded URL, though seemingly benign, is present within the document structure, suggesting a potential download or redirection mechanism.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.