PDF malware analysis — malicious · 62579326627e229e

MALICIOUS

PDF

31.5 KB

MD5: 22bea13430ac2f48cf8afaa4f4eaacb3 SHA-1: 421a3f7bdc9ceefcfa6e72d98ae99a047698c0db SHA-256: 62579326627e229ee4005df86d714c27a440ee35ef49e4b84085e1397d61844a

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file contains XFA form elements and embedded JavaScript, flagged by heuristics as malicious. The JavaScript is obfuscated but appears to be designed to exploit a vulnerability and execute a payload. The embedded URL is likely related to the exploit or payload delivery. The ML classifier and ClamAV detection strongly indicate malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.