PDF malware analysis — malicious · 854b62fe65b73d25

MALICIOUS

PDF

28.5 KB

MD5: 2c279272799e14ed7e98eee281c87970 SHA-1: 6eba3367fcda2af6fb705f67017a61bef9e72f66 SHA-256: 854b62fe65b73d2590168e3d5b2a2fc5adbafdb68a640f9ed46931650fa47719

102 Risk Score

Malware Insights

MITRE ATT&CK

T1059.007 JavaScript T1203 Exploitation for Client Execution T1566.001 Spearphishing Attachment

The PDF file was flagged as malicious by a machine learning classifier and ClamAV, specifically detecting embedded JavaScript exploits. The presence of an XFA form further indicates a likely exploitation vector. The embedded JavaScript, although obfuscated, is the primary mechanism for executing malicious code, potentially leading to further exploitation or payload delivery.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 4

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSEOF. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.