Malicious PDF — malware analysis report

Static analysis result for SHA-256 0350c4febc7261f7…

MALICIOUS

PDF

1010 B
MD5: df65edac22a7c6fb38bba88c10e2b953 SHA-1: f800e4074218ff94d972fd2ab385c68375f5e310 SHA-256: 0350c4febc7261f7e5ba198e1868d5f53b0373659f1887cbb3fc7ca69f6d4af5
130 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1203 Exploitation for Client Execution

The PDF file contains a launch action that directly executes a file from the URL www.shpija.24.gg/java.exe. The document body contains a simple lure and repeats the executable's URL, suggesting an attempt to trick the user into downloading and running a malicious payload. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics 2

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: www.shpija.24.gg/java.exe high PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target.

Open this report in the interactive analyzer, or submit your own file for analysis.