Malicious PDF — malware analysis report

Static analysis result for SHA-256 6618ba1b531cedf5…

Verdict: MALICIOUS
File type: PDF
Size: 28.0 KB
MD5: 817b0c4dd040729d20534721260281ce
SHA-1: 084fe5a0684c8611ccde44f122e1d3fe93e9c0db
SHA-256: 6618ba1b531cedf570b8e54c898a7ebfb942365ec2d5de971850ebd277666ab8
Risk Score: 100

Malware Insights

MITRE ATT&CK

  • T1059.007 JavaScript
  • T1566.001 Spearphishing Attachment

The PDF sample was flagged as malicious by the ML classifiers and by ClamAV, which specifically detected embedded JavaScript exploit code. The presence of XFA form elements and an embedded URL further supports the assessment that the document exploits PDF vulnerabilities. The embedded JavaScript is likely designed to download and execute a second-stage payload, consistent with a spearphishing attachment attack.

Machine Learning

  • Nyx PDF Classifier: malicious (score 1.0000)

Heuristics (3)

  • ClamAV: Js.Exploit.HTML-30 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form (severity: low, rule: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/