Malicious PDF — malware analysis report

Static analysis result for SHA-256 dd4144dbebe97461…

Verdict: MALICIOUS
File type: PDF
Size: 121.0 KB
MD5: 9294d2960ce65f4cfebf62680ced7eb0
SHA-1: 13c674d3d2c020c02a7db9ff33677acbe9c25962
SHA-256: dd4144dbebe97461d3f85a82f10e2238cf9c293ed8dd8c4a578f0a73ac0c85cc
Risk score: 68

Malware Insights

MITRE ATT&CK
T1204 Malicious Link
T1204.002 Malicious Link: Malicious File

The PDF file contains an embedded URL and triggers a critical ClamAV detection for Pdf.Exploit.Dropped-78, indicating that it is designed to drop or execute malicious content. The presence of XFA form elements further suggests that an exploit vector is being used. The embedded URL is likely part of the exploit chain or a lure.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Dropped-78 (severity: critical; tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Dropped-78
  • XFA form (severity: low; tag: PDF_XFA)
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL (severity: info; tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.xfa.org/schema/xfa-template/2.5/ (the XFA template schema namespace URI, which appears in the XML of any XFA form and is consistent with the PDF_XFA heuristic above)