Malicious PDF — malware analysis report

Static analysis result for SHA-256 acbfc0b646282eb5…

MALICIOUS

PDF

120.6 KB
MD5: 4a57c8d84deb32bf21787928fb2a9eff SHA-1: 72d1aa49f85d4d69a48d802a7494d533ed4d10d3 SHA-256: acbfc0b646282eb5f614cf65abb04fa882e99e84787f42c935f685e8df4d30b7
68 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1059.001 PowerShell

The sample is a PDF file identified by ClamAV as Pdf.Exploit.Dropped-78. It contains an embedded URL that is likely used to download a secondary payload. The presence of XFA form elements suggests a potential vector for exploit delivery. The exact nature of the exploit and payload is not fully discernible from the provided static analysis, but the overall pattern indicates a malicious document designed to drop and execute further malware.

Heuristics 3

  • ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.