Malicious PDF — malware analysis report

Static analysis result for SHA-256 c8e9cd08fa4792b8…

Verdict: MALICIOUS
File type: PDF
Size: 120.8 KB
MD5: b1dc6dd9ad7dd94341e523d714fac2d9
SHA-1: ac9729d12873235898bd084aa9659efdd9070ef3
SHA-256: c8e9cd08fa4792b8d03f2906b682e79d7b57763f4642ed080290623b81c26bd9
Risk Score: 98

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1566.002 Phishing: Spearphishing Attachment

The file is identified as a malicious PDF by ClamAV and an ML classifier. The presence of an XFA form suggests an attempt to exploit vulnerabilities within the PDF reader's handling of these forms. The embedded URL, while seemingly benign, is likely part of the exploit chain or a lure. The PDF structure itself does not contain readable content, indicating its primary purpose is malicious execution.

Machine Learning

  • Nyx PDF Classifier: malicious score 1.0000

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-78 (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form (severity: low, tag: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/