Malicious PDF — malware analysis report

Static analysis result for SHA-256 84fe11f4072dae67…

MALICIOUS

PDF

122.1 KB
MD5: 5e7eb446461020b063c692d6e34128c7 SHA-1: cdf4192165f4f7f9037b963e94783dbecdcbc6e2 SHA-256: 84fe11f4072dae6740112e0e3a9617cff6dfd47429820ef13885c2920c5288fc
68 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The critical ClamAV heuristic indicates this PDF is malicious, specifically identified as Pdf.Exploit.Dropped-78. The presence of an embedded URL and XFA form further supports an exploit delivery mechanism. The document body contains obfuscated content that likely forms part of the exploit or payload.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.