PDF malware analysis — malicious · 82d920bdfaed5b7e

MALICIOUS

PDF

31.8 KB

MD5: d65750731877a1cfd5591b363388cbff SHA-1: 35c678f39231d09b91b21a7ff75e5d015896c138 SHA-256: 82d920bdfaed5b7e32b35f2cf7f7e04cf64f52fa5d4a3f34fd25095eec97a1c9

98 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF was flagged by a machine learning classifier and ClamAV as malicious, specifically detecting JavaScript exploits. The presence of an XFA form suggests an attempt to leverage vulnerabilities within the PDF reader. The embedded URL, while seemingly benign, is likely part of the exploit chain.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.