Malicious PDF — malware analysis report

Static analysis result for SHA-256 5f2aeffcae0d5b07…

Verdict: MALICIOUS
File type: PDF
Size: 27.7 KB
MD5: 7d99610fdb064f96543e0bea1b06c538
SHA-1: fe501129361de6025c7a515b1c916bf1d37fe449
SHA-256: 5f2aeffcae0d5b0755176d5ef33873ea29d485506eee905e409cd46360ed2bda
Risk score: 108

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The file is classified as malicious by the ML classifier (score 0.9978) and by ClamAV, which matches it against the signature Pdf.Exploit.Agent-6136306-0. The signature hit is the only critical indicator; the XFA form and the embedded file attachment are low-severity heuristics on their own, but together they fit a document built to exploit a PDF viewer for client execution (T1203) and to carry a nested payload. The document body is obfuscated, so the payload itself is not characterised here; the combined indicators still point to a malicious PDF intended for delivery as a spearphishing attachment (T1566.001).

Machine Learning

  • Nyx PDF Classifier malicious score 0.9978

Heuristics (4)

  • ClamAV: Pdf.Exploit.Agent-6136306-0 (critical, CLAMAV_DETECTION)
    ClamAV signature match: Pdf.Exploit.Agent-6136306-0
  • Embedded file (low, PDF_EMBEDDED)
    The PDF embeds a file attachment (/EmbeddedFile), which can carry an executable or another weaponised document as a nested payload
  • XFA form (low, PDF_XFA)
    The PDF uses XML Forms Architecture: the XFA packet is an XML template that can carry its own script logic (FormCalc or JavaScript) executed by the viewer
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label records which channel (macro, JS, link annotation, document body, ...) reached each URL. Both URLs below are the XML namespace identifiers declared in the XFA packet (the XDP namespace and the XFA template 2.5 schema), not hosts the document contacts
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xfa-template/2.5/
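The heuristics above are cheap to reproduce. The following Python script is an added example, not part of the report or the scanner that produced it: it looks for the same indicator names (/XFA, /EmbeddedFile and a few usual companions), resolves hex-escaped names so an obfuscated /#58FA still matches, inflates FlateDecode streams so the XFA packet is actually searched, and tags every extracted URL as either an XML namespace declaration or something else worth a closer look. The sample PDF it builds is constructed for the example and is not the analysed file; the indicator labels beyond PDF_XFA and PDF_EMBEDDED and the link URL http://example.invalid/drop are assumptions made here for illustration.

```python
import re
import zlib

# Indicator names this triage looks for. PDF_XFA and PDF_EMBEDDED mirror the
# report's heuristic IDs; the other labels are assumed for this example.
INDICATOR_NAMES = {
    "PDF_XFA": b"/XFA",
    "PDF_EMBEDDED": b"/EmbeddedFile",
    "PDF_JAVASCRIPT": b"/JavaScript",
    "PDF_JS": b"/JS",
    "PDF_OPENACTION": b"/OpenAction",
    "PDF_LAUNCH": b"/Launch",
}
# Namespace URIs that every XFA/XDP packet declares in xmlns attributes.
XFA_NAMESPACE_PREFIXES = (b"http://ns.adobe.com/xdp/", b"http://www.xfa.org/schema/")

NAME_RE = re.compile(rb"/[^\s/<>\[\]()]+")          # one PDF name token
NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")   # hex escape inside a name
# Streams with a direct /Length; indirect lengths (/Length 6 0 R) are not handled.
STREAM_RE = re.compile(rb"/Length\s+(\d+)[^>]*>>\s*stream\r?\n")
XMLNS_RE = re.compile(rb"xmlns(?::\w+)?\s*=\s*[\"']([^\"']+)[\"']")
URL_RE = re.compile(rb"https?://[^\s<>\"'()]+")


def unescape_names(data: bytes) -> bytes:
    """Resolve hex escapes in name tokens (/#58FA -> /XFA) so that keys an
    author obfuscated still match the indicator list."""
    def fix(m):
        return NAME_ESCAPE_RE.sub(lambda e: bytes([int(e.group(1), 16)]), m.group(0))
    return NAME_RE.sub(fix, data)


def inflate_streams(data: bytes) -> bytes:
    """Inflate every stream whose body is valid zlib data; others are skipped."""
    out = []
    for m in STREAM_RE.finditer(data):
        chunk = data[m.end():m.end() + int(m.group(1))]
        try:
            out.append(zlib.decompress(chunk))
        except zlib.error:
            continue
    return b"\n".join(out)


def triage_pdf(data: bytes) -> dict:
    """Return non-zero indicator counts plus extracted URLs, each URL tagged as
    an XML namespace declaration or as 'other'."""
    surface = unescape_names(data + b"\n" + inflate_streams(data))
    indicators = {
        label: len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", surface))
        for label, name in INDICATOR_NAMES.items()
    }
    namespaces = set(XMLNS_RE.findall(surface))
    urls = []
    for url in sorted(set(URL_RE.findall(surface))):
        is_ns = url in namespaces or url.startswith(XFA_NAMESPACE_PREFIXES)
        urls.append((url.decode("latin-1"), "xml_namespace" if is_ns else "other"))
    return {
        "indicators": {k: v for k, v in indicators.items() if v},
        "urls": urls,
        "namespace_only": bool(urls) and all(kind == "xml_namespace" for _, kind in urls),
    }


def build_sample_pdf(link_uri=None) -> bytes:
    """Constructed sample, not the analysed file: an XFA packet inside a
    FlateDecode stream, an embedded file whose /Type key is hex-escaped, and
    optionally a link annotation pointing at link_uri."""
    xdp = (b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
           b'<template xmlns="http://www.xfa.org/schema/xfa-template/2.5/">'
           b'<subform name="form1"/></template></xdp:xdp>')
    packed = zlib.compress(xdp)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /AcroForm << /XFA 3 0 R >> >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream",
        b"<< /Type /Filespec /F (payload.bin) /EF << /F 5 0 R >> >>",
        b"<< /Type /#45mbeddedFile /Length 4 >>\nstream\nMZ\x90\x00\nendstream",
    ]
    if link_uri:
        objs.append(b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (" + link_uri + b") >> >>")
    body = b"%PDF-1.7\n"
    for num, obj in enumerate(objs, 1):
        body += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for label, pdf in (("namespace-only", build_sample_pdf()),
                       ("with link", build_sample_pdf(b"http://example.invalid/drop"))):
        print(label, triage_pdf(pdf))
```

On the first sample the only URLs found are the two XDP/XFA namespace URIs, so `namespace_only` is true, exactly the situation in this report; adding a /URI link annotation flips it, which is the case where the URL deserves its own look. Searching the inflated stream bodies matters because the XFA packet, and any script it carries, is normally FlateDecode-compressed and invisible to a plain byte search.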