PDF malware analysis — malicious · 4a8b44fb92780091

MALICIOUS

PDF

3.8 KB

MD5: ebd9b9ba2349ed483431c48c2a5c58fd SHA-1: 17d5d43bbf3f97588654e536cd6666dc72cc9dea SHA-256: 4a8b44fb92780091430246a9e78d62015e36184beaf4b59e09ed5e9ac40c0a26

106 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious Link T1204.002 Malicious Link: Malicious File

This PDF document was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Exploit.Agent-6136306-0', indicating it contains a known exploit. The ML classifier also assigned a high probability of maliciousness. The presence of XFA forms and embedded files are common characteristics of weaponized PDFs designed to deliver exploits.

Machine Learning

Nyx PDF Classifier malicious score 0.9990

Heuristics 4

ClamAV: Pdf.Exploit.Agent-6136306-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
Embedded file low PDF_EMBEDDED

PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://ns.adobe.com/xdp/
- http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.