Malicious PDF — malware analysis report

Static analysis result for SHA-256 a35e584b08e5b8c0…

MALICIOUS

PDF

32.2 KB
MD5: 3fcb145924e4666feb246784f9fa17cd SHA-1: 96f26de79f53037db4d1fde98a9d992e1d0cfde2 SHA-256: a35e584b08e5b8c0116e6e741e0901afa4b0e14ef90b581f1e33130d7d551c63
100 Risk Score

Malware Insights

MITRE ATT&CK
T1059.007 JavaScript T1203 Exploitation for Client Execution

The sample is a PDF file identified as malicious by ClamAV and an ML classifier, specifically flagging XFA forms and embedded JavaScript. The embedded URL, while obfuscated, points to an XFA template schema. The JavaScript likely attempts to exploit a vulnerability to execute further malicious code.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/ In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.