Malicious PDF — malware analysis report

Static analysis result for SHA-256 49b2b342aa651a76…

Verdict: MALICIOUS
File type: PDF
Size: 31.8 KB
MD5: 8f141154bc65bfd971b5c1035f50733b
SHA-1: c705ec1711bb3c5f16d7d00e897a712e87e60306
SHA-256: 49b2b342aa651a76abbe5516e59d3b6ccf0329ad57a67c1a873a3988f5c559e1
Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

ClamAV flagged the file with the signature Js.Exploit.HTML-30, a detection that fires on JavaScript content; the JavaScript found in the document is partially obfuscated, which is consistent with exploit delivery. The document also carries an XFA form. XFA templates can contain script logic, so the form is a plausible carrier for that JavaScript, though the form alone is only a low-severity indicator. The single extracted URL, http://www.xfa.org/schema/xfa-template/2.5/, is the XFA template schema namespace that every XFA document declares; it is not a payload or command-and-control location and should not be treated as an indicator of compromise. The verdict therefore rests on the ClamAV detection, with the XFA form as supporting context.

Heuristics (3)

  • ClamAV: Js.Exploit.HTML-30 [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form [severity: low, rule: PDF_XFA]
    PDF uses XML Forms Architecture, which can contain script logic
  • Embedded URL [severity: info, rule: EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels indicate which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/ (XFA template schema namespace declaration, expected in any XFA document)
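The three heuristics above (JavaScript, XFA form, extracted URLs) are the kind of static checks an analyst reproduces before trusting a scanner verdict. The following script is an added example written for this page, not the scanner's own logic: it inflates FlateDecode streams, counts the PDF name tokens that matter for script execution, detects script inside an XFA template, and labels every extracted URL by the channel it was found in, separating schema namespace URIs such as the xfa.org one from real IOC candidates. The embedded PDF is constructed for the demonstration and is not the analysed sample.

```python
"""Static PDF triage: script tokens, XFA script, and channel-labelled URLs.
Example code for this page; the SAMPLE_PDF below is constructed, not the
analysed file, and carries an XFA form, a JavaScript OpenAction and one link."""
import re
import zlib

SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R /AcroForm << /XFA 5 0 R >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [6 0 R] >> endobj
4 0 obj << /S /JavaScript /JS (app.alert('x');) >> endobj
5 0 obj << >>
stream
<template xmlns="http://www.xfa.org/schema/xfa-template/2.5/"><script contentType="application/x-javascript">var a=1;</script></template>
endstream
endobj
6 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/payload) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Namespace URIs that any XFA/XML document declares. They name a schema, not an
# attacker endpoint, so they are labelled rather than reported as IOCs.
SCHEMA_NAMESPACE_PREFIXES = (
    "http://www.xfa.org/schema/",
    "http://www.w3.org/",
    "http://ns.adobe.com/",
)

# Name-object tokens worth counting; \b stops /JS from matching longer names.
TOKENS = {
    "PDF_JS": rb"/(?:JavaScript|JS)\b",
    "PDF_OPENACTION": rb"/(?:OpenAction|AA)\b",
    "PDF_XFA": rb"/XFA\b",
    "PDF_LAUNCH": rb"/Launch\b",
    "PDF_EMBEDDED_FILE": rb"/EmbeddedFile\b",
}
URL_RE = re.compile(rb"https?://[^\s\"'<>()\\]+")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
TEMPLATE_RE = re.compile(rb"<template\b.*?</template>", re.S)


def inflate(data):
    """Append the inflated body of every FlateDecode stream so tokens hidden
    behind compression are still visible to the regexes."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            parts.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed, another filter, or truncated
    return b"\n".join(parts)


def url_channel(url, data):
    """Label where a URL was reached from: a /URI link action, an XFA
    template, or the plain document body."""
    if re.search(rb"/URI\s*\(\s*" + re.escape(url) + rb"\s*\)", data):
        return "link-annotation"
    for m in TEMPLATE_RE.finditer(data):
        if url in m.group(0):
            return "xfa"
    return "document-body"


def triage(pdf_bytes):
    data = inflate(pdf_bytes)
    tokens = {name: len(re.findall(pat, data)) for name, pat in TOKENS.items()}
    tokens = {k: v for k, v in tokens.items() if v}
    xfa_script = bool(re.search(rb"<template\b.*?<script\b.*?</template>", data, re.S))
    urls = []
    for raw in sorted(set(URL_RE.findall(data))):
        url = raw.decode("latin-1")
        kind = "schema-namespace" if url.startswith(SCHEMA_NAMESPACE_PREFIXES) else "ioc-candidate"
        urls.append({"url": url, "channel": url_channel(raw, data), "kind": kind})
    # Script that runs without a click: JS plus an auto-trigger, or script inside XFA.
    auto_exec = ("PDF_JS" in tokens and "PDF_OPENACTION" in tokens) or xfa_script
    return {"tokens": tokens, "xfa_script": xfa_script, "auto_exec": auto_exec, "urls": urls}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_PDF), indent=2))
```

Run against the report's sample, the same logic would count the XFA form and the JavaScript as the scanner did, and would label the xfa.org URL as a schema namespace reached through the XFA template rather than as an IOC candidate. The regexes are deliberately simple: object streams, encryption, or name obfuscation such as `/J#53` would evade them, which is why a tool like this complements rather than replaces a signature engine.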