PDF malware analysis — malicious · cf1f4e38e43fcaa0

MALICIOUS

PDF

28.0 KB

MD5: 51acc024ece0463de4f08068cdbee8c8 SHA-1: 80cf17b75d051dbdba8d0a6fe2d4098b6725b657 SHA-256: cf1f4e38e43fcaa037ebaf66999d4bbec0522226fc0d7bbd021d04152662c544

70 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell

The file is a PDF document identified as malicious by ClamAV with the signature Js.Exploit.HTML-30. It utilizes an XFA form, which commonly serves as a vector for embedding and executing JavaScript. The embedded JavaScript, although obfuscated, is indicative of an exploit attempt. The presence of an embedded URL further supports the malicious nature of the document.

Heuristics 4

ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Js.Exploit.HTML-30
XFA form low PDF_XFA

PDF uses XML Forms Architecture — can contain script logic
PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED

The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSEOF. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.