Malicious PDF — malware analysis report

Static analysis result for SHA-256 e46fb914e0f22a39…

MALICIOUS

PDF

31.8 KB
MD5: 410fe986e2277e129bfb47fe3a7f8e30 SHA-1: 0127f57b42e472af41a222c8c99bd33d512f1ca0 SHA-256: e46fb914e0f22a39ccf7254512f5713ba3ba3a30b5432deb3c30ae70f354d098
68 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell T1204.002 Malicious File

The PDF file contains XFA form elements, which are often used to embed JavaScript for malicious purposes. ClamAV detected this file as Js.Exploit.HTML-30, indicating a JavaScript exploit. The embedded URL, while seemingly benign, is present within the document structure. The primary attack vector appears to be the exploitation of JavaScript within the XFA form to execute malicious code.

Heuristics 3

  • ClamAV: Js.Exploit.HTML-30 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Js.Exploit.HTML-30
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.xfa.org/schema/xfa-template/2.5/

Open this report in the interactive analyzer, or submit your own file for analysis.