Malicious PDF — malware analysis report

Static analysis result for SHA-256 bf2aa393f8be1b1b…

MALICIOUS

PDF

3.8 KB
MD5: 9cf08a2834aa5ca96c3397b5a3b4e241
SHA-1: 5fe9533bb1a63c1cc549a75819bfbc77ea4cc3cb
SHA-256: bf2aa393f8be1b1b1bc839b23e92a2e991f739891cc7fdc0933c82034764cc63
Risk Score: 106

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The file is identified as malicious by ClamAV with the signature Pdf.Exploit.Agent-6136306-0, and a machine learning classifier also flagged it with high confidence. The PDF contains embedded objects and uses XFA forms, which are common vectors for exploitation. The embedded URL, while not definitively malicious, is associated with the XFA structure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9990

Heuristics (4)

  • ClamAV: Pdf.Exploit.Agent-6136306-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xfa-template/2.5/