Malicious PDF — malware analysis report

Static analysis result for SHA-256 d3767a1a6836d518…

Verdict: MALICIOUS
File type: PDF
Size: 32.0 KB
MD5: 5d1b6b28fe493531be057c4967835ec3
SHA-1: ffb884f500b4c3e892e4f5f08524cf8470da1752
SHA-256: d3767a1a6836d518c60f15bd2ccef4542ffa7d32a6dcd4c7a5f28d424543ad8d
Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1059.001 JavaScript
  • T1204.002 Malicious File

The critical ClamAV heuristic indicates the presence of JavaScript exploit code within the PDF. The embedded URL, while seemingly benign, is often used in conjunction with exploit code. The XFA form heuristic further suggests a complex PDF structure that could be used to hide malicious content. The JavaScript likely attempts to download and execute a second-stage payload, as indicated by the 'Js.Exploit.HTML-30' detection.

Heuristics (3)

  • ClamAV: Js.Exploit.HTML-30 (severity: critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form (severity: low, PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL (severity: info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/