Malicious PDF — malware analysis report

Static analysis result for SHA-256 0502646ca8b90dc0…

MALICIOUS

PDF

Size: 159.3 KB
Created: 2003-08-27 11:07:25
Authoring application: (06.23.03) The Hawala System in Afghanistan (Maimbo) - Microsoft Word (via Acrobat PDFWriter 4.05 for Windows NT)

MD5: 56737818d2af2cba91df6bdd21ea9a06
SHA-1: 9d7fbfbd71e654670eb6b17d797df8057695a71c
SHA-256: 0502646ca8b90dc0c59e0c45a506a209e335e0b17c2aa819b377ee17c3994235

Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a /Launch action that executes cmd.exe with calc.exe as its argument. This indicates an attempt to gain execution of arbitrary commands on the viewer's host. While the specific exploit is not detailed, the action itself is malicious.

Machine Learning

  • Nyx PDF Classifier clean score 0.0211

Heuristics (2)

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target with parameters 'calc.exe' — references a known-dangerous executable (cmd, PowerShell, etc.).