PDF malware analysis — malicious · 80d7f5a66b3e655b

MALICIOUS

PDF

32.2 KB

MD5: 5ac51ff45babd8041e5d59e9fd45d713 SHA-1: 3c264ba5e0f0e40fae1ee935939837f881c18fd0 SHA-256: 80d7f5a66b3e655b8743745a080145029911d10be39c0b0b0534e94e2daeab68

100 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF was flagged by multiple heuristics, including a critical ClamAV detection for Js.Exploit.HTML-30 and an ML classifier indicating high maliciousness. The presence of XFA forms and embedded JavaScript, along with the embedded URL, suggests the document is designed to exploit vulnerabilities and execute malicious scripts, likely as a spearphishing attachment.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.