Malicious PDF — malware analysis report

Static analysis result for SHA-256 0043370e7279effa…

Verdict: MALICIOUS

File type: PDF

Size: 504 B

MD5: 68ab3a90160caf621e7f1dc081bad390
SHA-1: 1327b85c475c539cd0b8b9f6928ba15d6b75e2df
SHA-256: 0043370e7279effa99796afa858fcacfb5b133ff548cfc75296cc5bbb6a425d9

Risk Score: 130

Malware Insights

MITRE ATT&CK

  • T1204.002 Malicious File: User Execution
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that executes 'cmd.exe /q/c asd.vbs'. This indicates the document is designed to run a malicious VBScript, likely for further payload delivery or execution. The ML classifier strongly supports the malicious nature of this PDF.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (2)

  • /Launch action target: "cmd.exe" (severity: critical, rule: PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target with parameters '/q/c asd.vbs'; the target references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action (severity: high, rule: PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target; treat as potentially dangerous.