PDF malware analysis — malicious · 34a7f8eea84d7634

MALICIOUS

PDF

32.2 KB

MD5: 305d171e68866ce2f106de4fcfeae81f SHA-1: 26750238e22d361eaa3fac7d24768b5fe709b67d SHA-256: 34a7f8eea84d7634e7222db244885ce64bf81341ac45121b288dfc7b78567c52

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and ClamAV as malicious, specifically detecting JavaScript exploits. The presence of an XFA form and an embedded URL further supports this. The embedded script likely attempts to download and execute a second-stage payload, although the exact mechanism is obfuscated within the XFA structure.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSEOF. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.