PDF malware analysis — malicious · 61c48515b739c21e

MALICIOUS

PDF

87.4 KB

MD5: 1a56cf44c714fdb489fcaeba4288c76d SHA-1: 8c79abdb703f5c55340d1d327a05f4cbd2f5d4f4 SHA-256: 61c48515b739c21e44f8e7b26fed8e0a3bd3fda35be7322ab9231f6a88bf882b

100 Risk Score

Malware Insights

MITRE ATT&CK

T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

This PDF document was flagged by ClamAV as Pdf.Exploit.Agent-6136306-0 and a machine learning classifier, indicating it contains an exploit. The presence of XFA form elements suggests it leverages a known PDF exploit vector. While no specific URLs or scripts were directly indicative of a payload, the exploit nature strongly suggests an attempt to execute malicious code, likely delivered via spearphishing.

Machine Learning

Nyx PDF Classifier malicious score 0.9982

Heuristics 3

ClamAV: Pdf.Exploit.Agent-6136306-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://ns.adobe.com/xdp/
- http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.