Malicious PDF — malware analysis report

Static analysis result for SHA-256 370327e3aeb6d4a7…

MALICIOUS

PDF

6.6 KB
MD5: a15f25490ce61141e7448d2f47502911
SHA-1: 32cbf1f006468280cd5fe5c1bda573d3b2991af1
SHA-256: 370327e3aeb6d4a7bf3b86091bc04f309a434c00cd2c5f8e2f4dcd7fdfd37cf3
98 Risk Score

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1566 Phishing
  • T1204.002 Malicious File

The PDF was flagged by ClamAV as Pdf.Exploit.Agent-36928 and by a machine learning classifier with high confidence. The presence of XFA form elements suggests an attempt to exploit PDF vulnerabilities. No document body or script content was available for analysis, but the heuristics that fired strongly indicate a malicious PDF designed to exploit vulnerabilities and deliver a payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9969

Heuristics 2

  • ClamAV: Pdf.Exploit.Agent-36928 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36928
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic