Malicious PDF — malware analysis report

Static analysis result for SHA-256 86755caf01f52679…

Verdict: MALICIOUS
Type: PDF
Size: 120.6 KB
MD5: b6235f4ea1d88554cd340691d11223e6
SHA-1: 32fb2ff78ecb1a9e66fd9285360aac3cd1955629
SHA-256: 86755caf01f52679a6f8eb15b00a10665b5e300e31c9feb2fe3c3441f430f8b3
Risk Score: 98

Malware Insights

MITRE ATT&CK

  • T1204 Malicious File
  • T1204.002 Malicious File: User Execution: Malicious Attachment

The file is identified as malicious by ClamAV and by an ML classifier, and is specifically flagged for its use of XFA forms. The presence of an embedded URL, although not directly actionable in this context, further supports the malicious verdict. The attack pattern involves leveraging XFA form functionality within the PDF to execute malicious code.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-78 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form (severity: low, tag: PDF_XFA)
    PDF uses XML Forms Architecture, which can contain script logic.
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/