PDF malware analysis — malicious · 57d4507444dc8e6f

MALICIOUS

PDF

28.2 KB

MD5: c299e1ff43048043c732740b8c2ae760 SHA-1: 0b3ce1487077294c1d3cab1befe0dc415ef63bc0 SHA-256: 57d4507444dc8e6fcef60e03df1a7cab5655acc5297e4b012406c26e26a236f0

98 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The PDF was flagged by a machine learning classifier and ClamAV as malicious, specifically detecting JavaScript exploits. The presence of an embedded URL and XFA form suggests an attempt to execute malicious code or redirect the user. The ClamAV detection 'Js.Exploit.HTML-30' indicates a JavaScript exploit is likely present within the PDF, which is often used to download and execute further stages of an attack.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.