Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8c6150278e6ae82…

MALICIOUS

PDF

31.8 KB
MD5: 606b160c6002289526786a0df50c4217 SHA-1: eb01a7686d8a0796e1ec5c222142cff9f4cb9cdf SHA-256: c8c6150278e6ae8267e8bc3c78ab52f958554f9669bcfee60bb56097fd5b8671
68 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The sample is a PDF document identified as malicious by ClamAV with the signature Js.Exploit.HTML-30. It contains an embedded URL and utilizes XFA forms, which are often associated with exploits. The embedded JavaScript is likely responsible for executing the malicious payload, potentially leveraging an exploit within the PDF viewer.

Heuristics 3

  • ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.