Malicious PDF — malware analysis report

Static analysis result for SHA-256 ebea871b8db837c8…

Verdict: MALICIOUS
File type: PDF
Size: 23.4 KB
MD5: 525fe5d3ed922bd5a27110278533d9f7
SHA-1: 96044ef02336cc9fef751cd6e24128a8134ef599
SHA-256: ebea871b8db837c83c4c29413eae3c2c29f31deceacb48a3ca325b7bfe508889
Risk score: 76

Malware Insights

MITRE ATT&CK
T1204 User Execution; T1204.002 User Execution: Malicious File

The critical ClamAV signature 'Pdf.Exploit.Agent-6136306-0' indicates that the PDF carries an exploit. An embedded file and an XFA form are each common in weaponised PDFs: the attachment can be a nested payload (an executable or another weaponised document) and XFA can carry script logic. The two extracted URLs are XDP/XFA XML namespace identifiers found inside the XFA stream, not link targets: they carry no reputation signal, corroborate the XFA finding, and should not be treated as network indicators.

Heuristics 4

  • ClamAV: Pdf.Exploit.Agent-6136306-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.adobe.com/xdp/ (XDP XML namespace, from the XFA stream)
    • http://www.xfa.org/schema/xfa-template/2.5/ (XFA template XML namespace, from the XFA stream)
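The heuristics above (embedded file, XFA form, extracted URLs with a per-channel label) are the kind of structural checks a triage scanner runs before any signature engine. The following is an added example written for this page, not the scanner that produced the report: it counts the PDF names such a scanner keys on, inflates FlateDecode streams so XFA content hidden by compression is scanned too, and labels every URL with the channel it was found in, so the XDP/XFA namespace URIs are not mistaken for link indicators. The sample PDF is constructed inline and does not render; its namespace URIs are the two listed in the report, while the link-annotation URL and the heuristic label names are invented placeholders.

```python
"""Structural PDF triage: keyword counts, stream inflation, URL channel labels."""
import hashlib
import re
import zlib
from collections import Counter

# Constructed sample (not from the report): a minimal, non-rendering PDF that
# carries an /EmbeddedFile, an /XFA form with script, and one link annotation.
# The namespace URIs are the two the report lists; the link URL is a placeholder.
XFA_XML = (
    b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">\n'
    b'<template xmlns="http://www.xfa.org/schema/xfa-template/2.5/">\n'
    b'<script contentType="application/x-javascript">app.alert(1);</script>\n'
    b"</template></xdp:xdp>"
)
XFA_STREAM = zlib.compress(XFA_XML)  # compressed, as real XFA streams usually are

SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /AcroForm 5 0 R "
    b"/Names << /EmbeddedFiles << /Names [(payload.exe) 6 0 R] >> >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [8 0 R] >> endobj\n"
    b"5 0 obj << /Fields [] /XFA 7 0 R >> endobj\n"
    b"6 0 obj << /Type /Filespec /F (payload.exe) /EF << /F 9 0 R >> >> endobj\n"
    b"7 0 obj << /Filter /FlateDecode /Length " + str(len(XFA_STREAM)).encode()
    + b" >>\nstream\n" + XFA_STREAM + b"\nendstream\nendobj\n"
    b"8 0 obj << /Type /Annot /Subtype /Link /A << /S /URI "
    b"/URI (http://example.invalid/next-stage) >> >> endobj\n"
    b"9 0 obj << /Type /EmbeddedFile /Length 2 >>\nstream\nMZ\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

NAME_TOKEN = re.compile(rb"/[^\s/<>\[\]()]+")          # a PDF name object
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")             # #xx escape inside a name
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
URL_RE = re.compile(rb"https?://[^\s\"'<>)\]]+")
XFA_SCRIPT_RE = re.compile(rb"<script\b[^>]*>", re.I)
KEYWORDS = {b"/EmbeddedFile", b"/XFA", b"/JavaScript", b"/JS", b"/OpenAction",
            b"/AA", b"/Launch", b"/URI"}
# XML namespace roots that every XDP/XFA document references; not network IOCs.
XML_NAMESPACE_PREFIXES = ("http://ns.adobe.com/", "http://www.xfa.org/", "http://www.w3.org/")


def inflate_streams(data: bytes) -> bytes:
    """Return data with the inflated body of every zlib stream appended, so
    scanning also sees XFA/JS content hidden behind /FlateDecode."""
    inflated = []
    for m in STREAM_RE.finditer(data):
        try:
            inflated.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-compressed or damaged; raw bytes are scanned anyway
    return data + b"\n" + b"\n".join(inflated)


def count_keywords(data: bytes) -> dict:
    """Count structural names, decoding #xx escapes (e.g. /Java#53cript) that
    are used to dodge naive string matching."""
    counts = Counter()
    for m in NAME_TOKEN.finditer(data):
        name = HEX_ESC.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
        if name in KEYWORDS:
            counts[name.decode()] += 1
    return dict(counts)


def classify_urls(data: bytes) -> list:
    """Return (url, channel) pairs: a URL inside a /URI link annotation is a
    clickable target, an XML namespace URI is part of the XFA format itself."""
    found = []
    for m in URL_RE.finditer(data):
        url = m.group(0).decode("latin-1")
        context = data[max(0, m.start() - 64):m.start()]
        if re.search(rb"/URI\s*\(\s*$", context):
            channel = "link annotation"
        elif url.startswith(XML_NAMESPACE_PREFIXES) or b"xmlns" in context[-16:]:
            channel = "xml namespace"
        else:
            channel = "document body"
        found.append((url, channel))
    return found


def triage(data: bytes) -> dict:
    """Report-style summary: hash, keyword counts, labelled URLs, labels fired."""
    scanned = inflate_streams(data)
    counts = count_keywords(scanned)
    urls = classify_urls(scanned)
    findings = []
    if counts.get("/EmbeddedFile"):
        findings.append("PDF_EMBEDDED")
    if counts.get("/XFA"):
        findings.append("PDF_XFA")
        if XFA_SCRIPT_RE.search(scanned):
            findings.append("PDF_XFA_SCRIPT")
    if counts.get("/JavaScript") or counts.get("/JS"):
        findings.append("PDF_JS")
    if counts.get("/OpenAction") or counts.get("/AA"):
        findings.append("PDF_AUTO_ACTION")
    if counts.get("/Launch"):
        findings.append("PDF_LAUNCH")
    if any(channel == "link annotation" for _, channel in urls):
        findings.append("PDF_LINK_URL")
    return {"sha256": hashlib.sha256(data).hexdigest(), "keywords": counts,
            "urls": urls, "findings": findings}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

Two design points matter in practice: the `(?<!end)` lookbehind keeps `endstream` from being mistaken for the start of a stream, which would otherwise swallow the next object, and the #xx name decoding is what catches `/Java#53cript`-style obfuscation that a plain substring count misses. The channel label is what the report's EMBEDDED_URL note asks for: the two XFA namespace URIs come back as "xml namespace", only the `/URI` annotation as a clickable link.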