Malicious PDF — malware analysis report

Static analysis result for SHA-256 58f51a73618c0bcb…

Verdict: MALICIOUS
File type: PDF
Size: 120.6 KB
MD5: 577b931e7ec100d8b883d00049cf7602
SHA-1: fe26051c4030b538d8f90b9bec867f15a2b51c81
SHA-256: 58f51a73618c0bcbbb08b39263574a603e25ab2f78b2c5d9ffc987b9b332f33f
Risk Score: 68

Malware Insights

MITRE ATT&CK: T1204.002 (User Execution: Malicious File)

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Dropped-78. The presence of an XFA form and an embedded URL suggests an exploit attempt. The embedded URL, while seemingly benign, is likely part of the exploit chain to download or execute a secondary payload.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-78 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form (severity: low, tag: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/