PDF malware analysis — malicious · ce3417c6825ab3e5

MALICIOUS

PDF

31.7 KB

MD5: 9f80c099f338413b609fbc964b40d987 SHA-1: 5a747aa4c4c193bb76ed3a13d8f8e5fe22a838c0 SHA-256: ce3417c6825ab3e515891f3983d15c77d95ac5b0a71c0280a402bc5e4b639314

98 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1204.002 Malicious File

The PDF was flagged by ML classifiers and ClamAV as malicious, specifically detecting embedded JavaScript. The presence of XFA forms suggests an attempt to exploit vulnerabilities within the PDF reader. The embedded URL, while seemingly benign, is associated with XFA templates and could be part of a larger exploit chain. The JavaScript, though obfuscated, likely attempts to download and execute a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.