Malicious PDF — malware analysis report

Static analysis result for SHA-256 0ccb65d50dcb9bcd…

MALICIOUS

PDF

976 B
MD5: 95e30a9d8485148ddd6baaea3aa8943d SHA-1: 691248e561e70ac3984eb19006d6569f84209f71 SHA-256: 0ccb65d50dcb9bcd29e79e5252882420ceedb77d397c74fced2c6a4ae8a295e1
130 Risk Score

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF file contains a launch action that directly executes calc.exe. This is a common technique used to demonstrate exploit functionality or to initiate a more complex malicious payload. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics 2

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: calc.exe high PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target.

Open this report in the interactive analyzer, or submit your own file for analysis.