Malicious PDF — malware analysis report

Static analysis result for SHA-256 f1af23282d0bc2e0…

Verdict: MALICIOUS
File type: PDF
Size: 11.2 KB
MD5: c834cb620a503020cb86e5e670b7f63c
SHA-1: 746d17e8ea26bc48e1a68e5cb081d04933911858
SHA-256: f1af23282d0bc2e0042e51c62d61586bfabd399f7231483da631c7a62f86a5a3
Risk Score: 78

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File

ClamAV flags the file with the signature Pdf.Exploit.Agent-22121, a generic exploit-family detection that does not name a specific vulnerability. Two low-severity structural heuristics are consistent with that classification: the document carries an embedded file attachment (PDF_EMBEDDED), which gives it somewhere to store a second-stage payload, and it uses an XFA form (PDF_XFA), which gives it a place to hold script logic. The cross-check parser (pdfminer.six) could not parse the file at all (PSSyntaxError), so no text or object-level view of the document body is available; a structure that breaks a strict parser may be deliberate evasion or plain corruption, and this report cannot tell which. The ClamAV match is the deciding signal. The heuristics corroborate it but would not on their own establish that the file is malicious.

Heuristics (4)

  • ClamAV: Pdf.Exploit.Agent-22121 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-22121
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • PDF differential parser failed info PDF_DIFFERENTIAL_PARSE_FAILED
    The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PSSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
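The heuristics above are keyword and structure checks that run even when a strict parser rejects the file. The following is an added example, not the scanner's own code, of how such a pass can be built: a lenient scan that inflates FlateDecode streams and undoes hex-escaped names before matching (so /X#46A is recognised as /XFA), a strict structural check standing in for the pdfminer.six cross-check (it is not pdfminer, only a simplified substitute that insists on a startxref/xref skeleton), and a combiner that reports a strict-parse failure as info without suppressing the other findings. Both sample PDFs are constructed in the code, and the PDF_XFA_SCRIPT follow-up is an assumed extra check that the report does not list.

```python
"""Static PDF heuristics of the kind listed in the report (added example).
Sample PDFs are constructed here; strict_structure_check() is a simplified
stand-in for the pdfminer.six cross-check, not pdfminer itself."""
import re
import zlib

# XFA package carrying script, stored FlateDecode-compressed so that a raw grep
# for "<script" over the file bytes misses it.
XFA_XML = (b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
           b'<script contentType="application/x-javascript">app.alert(1)</script>'
           b'</xdp:xdp>')
XFA_STREAM = zlib.compress(XFA_XML)

# Constructed hostile-looking PDF: an embedded file (fake MZ header), an XFA form
# referenced through the hex-escaped name /X#46A (== /XFA), and no xref or
# startxref at all, so strict parsers reject it while lenient readers open it.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R\n"
    b"  /Names << /EmbeddedFiles << /Names [(payload.exe) 5 0 R] >> >>\n"
    b"  /AcroForm << /X#46A 6 0 R >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 4 >> stream\nMZ\x90\x00\nendstream endobj\n"
    b"5 0 obj << /Type /Filespec /F (payload.exe) /EF << /F 4 0 R >> >> endobj\n"
    b"6 0 obj << /Filter /FlateDecode /Length " + str(len(XFA_STREAM)).encode()
    + b" >> stream\n" + XFA_STREAM + b"\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed well-formed minimal PDF for contrast: startxref points at byte 9,
# which is where "xref" begins.
CLEAN_PDF = (b"%PDF-1.4\nxref\n0 1\n0000000000 65535 f \n"
             b"trailer\n<< /Size 1 >>\nstartxref\n9\n%%EOF\n")


def inflate_streams(data: bytes) -> bytes:
    """Return data plus the inflated body of every FlateDecode stream, so keywords
    hidden inside compressed objects are visible to the scans below."""
    extra = []
    for m in re.finditer(rb"\bstream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed, other filter, or truncated: raw bytes are still scanned
    return b"\n".join([data, *extra])


def decode_names(data: bytes) -> bytes:
    """Undo #xx hex escapes so obfuscated names such as /X#46A match /XFA. Run this
    after inflation: rewriting '#46' inside compressed bytes would corrupt them."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def run_static_heuristics(data: bytes):
    """Lenient keyword scan; it needs no xref table, so it survives malformed files."""
    text = decode_names(inflate_streams(data))
    findings = []
    if re.search(rb"/EmbeddedFiles?\b|/Filespec\b", text):
        findings.append(("PDF_EMBEDDED", "low", "file attachment (/EmbeddedFile or /Filespec)"))
    if re.search(rb"/XFA\b", text):
        findings.append(("PDF_XFA", "low", "XML Forms Architecture package present"))
        # Coarse follow-up (assumed check, not one of the report's heuristics): XFA
        # present together with a <script> element anywhere in the decoded content.
        if re.search(rb"<script\b", text, re.I):
            findings.append(("PDF_XFA_SCRIPT", "medium", "<script> element alongside XFA"))
    return findings


def strict_structure_check(data: bytes):
    """Simplified stand-in for the cross-check parser: insist on the header /
    startxref / xref skeleton that lenient readers do without. Returns None when
    the skeleton is intact, otherwise a short reason."""
    if not data.startswith(b"%PDF-"):
        return "missing %PDF header"
    m = re.search(rb"startxref\s+(\d+)\s+%%EOF\s*$", data)
    if not m:
        return "missing startxref/%%EOF trailer"
    offset = int(m.group(1))
    if data[offset:offset + 4] != b"xref":
        return f"startxref offset {offset} does not point at an xref table"
    return None


def analyse(data: bytes):
    """Combine both views the way the report does: heuristics stand on their own,
    and a strict-parse failure is recorded as info rather than hiding them."""
    findings = run_static_heuristics(data)
    reason = strict_structure_check(data)
    if reason is not None:
        findings.append(("PDF_DIFFERENTIAL_PARSE_FAILED", "info",
                         f"strict parser failed: {reason}; static findings above remain valid"))
    return findings


if __name__ == "__main__":
    for name, pdf in (("sample", SAMPLE_PDF), ("clean", CLEAN_PDF)):
        print(name)
        for code, severity, detail in analyse(pdf):
            print(f"  {code:30} {severity:7} {detail}")
```

The order of the two normalisation steps matters: inflating first and decoding names second means a "#46" byte sequence inside a compressed stream is never rewritten before decompression. The strict check deliberately fails closed on the sample, which is the situation the report describes: the lenient heuristics still produce their findings, and the parse failure is carried alongside them as a separate, informational signal rather than being treated as evidence either way.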