Malicious PDF — malware analysis report

Static analysis result for SHA-256 35d0b5c3946acade…

Verdict: MALICIOUS

File type: PDF

File size: 7.8 KB

MD5: 680fb93d065d8655b55d08e25d1e75eb
SHA-1: fe15e49a50b184966549179f13a7fdeec6381c3c
SHA-256: 35d0b5c3946acade3b89dc4283defbc61aaeb031f74fb259ea782a6807e9ccd1

Risk Score: 68

Malware Insights

MITRE ATT&CK

  • T1059 Command and Scripting Interpreter
  • T1059.007 JavaScript

The PDF file contains an XFA form, a feature that is often used to embed malicious content. ClamAV detected this file as Js.Exploit.HTML-30, indicating the presence of exploit code, most likely JavaScript. The embedded URL, though seemingly benign, is associated with XFA templates and could be part of the exploit chain. The exploit likely aims to download and execute a secondary payload.

Heuristics (2)

  • ClamAV: Js.Exploit.HTML-30 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form (low, PDF_XFA)
    PDF uses XML Forms Architecture, which can contain script logic