Malicious PDF — malware analysis report

Static analysis result for SHA-256 3a2bd6936e68b5ba…

MALICIOUS

PDF

46.3 KB
MD5: 42bcef96d6e7e57b5e39fced23eb0d5f
SHA-1: 1c60e4943516d109bdc2331638f6270a86b513b6
SHA-256: 3a2bd6936e68b5baa15db588bbebe02bace93cc04f5477311575efa398595e58
Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1059 Command and Scripting Interpreter

The critical ClamAV heuristic indicates this PDF is a known exploit, likely targeting PDF viewers. The presence of an embedded URL and XFA form further supports this, suggesting the file is designed to lure the user into interacting with malicious content or triggering an exploit. The embedded URL is likely part of the exploit chain.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/