PDF malware analysis — malicious · c5e628d2c2d9d1e4

MALICIOUS

PDF

121.0 KB

MD5: 502572621f9942ee4e266297f5ab7b8d SHA-1: ffc90187d2d12a9137f520c16394407e6b4f63b4 SHA-256: c5e628d2c2d9d1e42c7c60fb945f85383be7106a6877332bf77551d64b43d1e9

68 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The critical ClamAV heuristic identified the file as Pdf.Exploit.Dropped-78, indicating it's a known malicious PDF exploit. The presence of an XFA form, flagged by a low-severity heuristic, suggests the exploit targets this feature. An embedded URL was also found, likely used to download the secondary payload. The document body content is not indicative of user-facing lures.

Heuristics 3

ClamAV: Pdf.Exploit.Dropped-78 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.