Malicious PDF — malware analysis report

Static analysis result for SHA-256 9157fb2ad0a159a3…

MALICIOUS

PDF

34.6 KB
MD5: b58754b3b427cd736f486f93b1d24122
SHA-1: a9df07208a5dad6805d30fc4981482ea585224f7
SHA-256: 9157fb2ad0a159a34a48241bc69a9f286b5fcc601ef3d69df63143d2671d471f
106 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The file is identified as malicious by both ClamAV and an ML classifier, indicating a PDF exploit. The presence of an embedded file and an XFA form is a common characteristic of malicious PDFs. While no specific script was extracted, the overall indicators point to a malicious PDF designed to exploit users.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9978

Heuristics 4

  • ClamAV: Pdf.Exploit.Agent-6136306-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xfa-template/2.5/
    Both of these are XML namespace identifiers declared by XFA form content, not links the document directs a reader to.