Malicious PDF — malware analysis report

Static analysis result for SHA-256 aa179bff49415e4d…

MALICIOUS

PDF

99.1 KB
MD5: cbba663d0b47de2ab79f81ac22e83d30
SHA-1: 96b597a1091e426910e7e6f7f772544c01bda192
SHA-256: aa179bff49415e4dec859c076584368d622a47b73a16929170da05518ff8af8e

Risk Score: 98

Malware Insights

MITRE ATT&CK

  • T1204 Malicious Link
  • T1204.002 Malicious Link: Malicious File

The critical ClamAV detection and ML classifier firing indicate this PDF is malicious. The presence of XFA form elements suggests it may be used to exploit vulnerabilities. The ClamAV signature 'Pdf.Exploit.Dropped-78' strongly implies the PDF is a dropper for further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9987

Heuristics 2

  • ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic