Malicious PDF — malware analysis report

Static analysis result for SHA-256 6afd307d942786ae…

Verdict: MALICIOUS
File type: PDF
Size: 31.8 KB
MD5: e5a3c580a1ae078c4900139a49855b4f
SHA-1: 8d7149e23eec701c00100d76fb9e06d1a25179ba
SHA-256: 6afd307d942786ae67e872ad5c17243b51dc478818310d337136b25535b0edfa
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1059.007 Command and Scripting Interpreter: JavaScript
  • T1566.001 Phishing: Spearphishing Attachment
  • T1203 Exploitation for Client Execution

The file is classified as malicious by the ML classifier and by ClamAV, which matches the signature Js.Exploit.HTML-30. The document uses XFA (XML Forms Architecture) form properties, and the only embedded URL is the XFA template schema namespace (http://www.xfa.org/schema/xfa-template/2.5/), a standard XFA identifier rather than a download location. Taken together, the XFA structure and the ClamAV detection indicate that the file likely uses XFA script logic to execute malicious JavaScript, which the exploit signature suggests is designed to download and execute a second-stage payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Js.Exploit.HTML-30 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form (severity: low, tag: PDF_XFA)
    PDF uses XML Forms Architecture, which can contain script logic
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/