Malicious PDF — malware analysis report

Static analysis result for SHA-256 0abb5fa42f925573…

MALICIOUS

PDF

299 B
MD5: 3f2a6e9a93dc53fc7f43a4fb336448d3
SHA-1: 68ef580406f685b239b6f12059ab3b354ec9061c
SHA-256: 0abb5fa42f9255739582cc8337b70a771a6f46e2c5daefaecc4bbf4827b3a6fc

Risk Score: 110

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF contains a launch action that directly executes the 'cmd' executable. This is a common technique used to initiate further malicious activity, such as downloading and executing a second-stage payload. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9999

Heuristics (2)

  • Launch action (severity: high, rule: PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous
  • /Launch action target: cmd (severity: high, rule: PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target.