Malicious PDF — malware analysis report

Static analysis result for SHA-256 0f7003ea28c5bc7f…

Verdict: MALICIOUS
File type: PDF
Size: 486 B
MD5: d82cd1cc4194aaf92667dd5bc7187af2
SHA-1: 73ecc1428b13be6b908079dd0ccb25b5e001e1e7
SHA-256: 0f7003ea28c5bc7f4d6f0f1cafbd82b2a98fdf7f977e52a15f6db47689d717d6
Risk score: 130

Malware Insights

MITRE ATT&CK
T1203 Exploitation for Client Execution

The PDF carries a /Launch action whose target is cmd.exe, so opening the file asks the viewer to start a Windows command interpreter. /Launch is a documented PDF feature rather than a memory-corruption bug: no reader vulnerability is needed, the reader itself spawns the named program. Current readers block the action or prompt before running it, so the attacker additionally relies on the user accepting that prompt; the technique nonetheless remains a well-known way to turn a document into a first-stage dropper, and at 486 bytes the file holds little beyond the action itself. The ML classifier independently scored the file as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (2)

  • /Launch action target: "cmd.exe" critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action high PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target; treat as potentially dangerous.
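The two heuristics above can be reproduced with a short static scanner. The Python below is an added example written for this page, not the analysis engine's own code: the three PDFs it scans are constructed stand-ins (the real 486-byte sample is not reproduced here) and DANGEROUS_STEMS is my own list of interpreter and LOLBin stems. Before matching, it undoes the three obfuscations that a plain grep for "/Launch" or "cmd.exe" misses (#xx escapes inside names, hex strings, octal escapes inside literal strings), and it reports an unresolved target, such as an indirect reference, as the weaker PDF_LAUNCH hit.

```python
import re

# Constructed samples written for this example (stand-ins, not the analysed file).
# SAMPLE_PLAIN mirrors the report's finding: an /OpenAction that /Launch-es cmd.exe.
SAMPLE_PLAIN = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /OpenAction 4 0 R >>
endobj
4 0 obj
<< /Type /Action /S /Launch /F (cmd.exe) /P (/c calc.exe) >>
endobj
"""
# The same action behind a #xx name escape, a hex string and an octal escape.
SAMPLE_OBFUSCATED = b"""4 0 obj
<< /S /L#61unch /Win << /F <636D 642E 6578 65> /P (\\057c whoami) >> >>
endobj
"""
# Target given only by indirect reference: the report's second heuristic.
SAMPLE_UNRESOLVED = b"""5 0 obj
<< /S /Launch /F 9 0 R >>
endobj
"""

# Executable stems that make a /Launch direct command execution (my own list).
DANGEROUS_STEMS = {"cmd", "powershell", "pwsh", "wscript", "cscript", "mshta",
                   "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec"}

_OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
_NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")       # a PDF name token
_HEX_ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")        # #xx inside a name
_ESC_RE = re.compile(rb"\\([0-7]{1,3}|.)", re.DOTALL)  # \ddd or \x in a literal

def _normalize_names(body: bytes) -> bytes:
    """Decode #xx escapes inside names so that /L#61unch reads as /Launch."""
    return _NAME_RE.sub(lambda m: b"/" + _HEX_ESC_RE.sub(
        lambda h: bytes([int(h.group(1), 16)]), m.group(1)), body)

def _decode_literal(raw: bytes) -> bytes:
    """Resolve backslash escapes in a (...) literal body, including \\ddd octal."""
    def unescape(m):
        e = m.group(1)
        if e[0] in b"01234567":
            return bytes([int(e, 8) & 0xFF])
        # \n \r \t decode; \( \) \\ and unknown escapes keep the byte itself
        return {b"n": b"\n", b"r": b"\r", b"t": b"\t"}.get(e, e)
    return _ESC_RE.sub(unescape, raw)

def _read_string(body: bytes, pos: int):
    """Parse a (literal) or <hex> string at body[pos]; None if something else is there."""
    if body.startswith(b"(", pos):
        depth, i = 0, pos
        while i < len(body):
            c = body[i:i + 1]
            if c == b"\\":
                i += 2                             # escaped byte is never a delimiter
                continue
            depth += (c == b"(") - (c == b")")
            if depth == 0:
                return _decode_literal(body[pos + 1:i])
            i += 1
        return None                                # unterminated literal
    if body.startswith(b"<", pos) and not body.startswith(b"<<", pos):
        end = body.find(b">", pos)
        if end < 0:
            return None
        digits = re.sub(rb"\s+", b"", body[pos + 1:end]).decode("ascii", "replace")
        try:
            return bytes.fromhex(digits + "0" * (len(digits) % 2))   # odd digit -> x0
        except ValueError:
            return None
    return None

def _string_values(body: bytes, key: bytes) -> list:
    """Every string value that directly follows the name /key (e.g. /F or /P)."""
    pat = re.compile(rb"/" + re.escape(key) + rb"(?=[\s(<])\s*")
    return [s for m in pat.finditer(body) if (s := _read_string(body, m.end())) is not None]

def find_launch_actions(pdf: bytes) -> list:
    """Return every object whose /S is /Launch with its /F targets and /P parameters."""
    findings = []
    for m in _OBJ_RE.finditer(pdf):
        body = _normalize_names(m.group(3))
        if re.search(rb"/S\s*/Launch(?![^\s/\[\]<>(){}%])", body):
            findings.append({"obj": int(m.group(1)),
                             "targets": _string_values(body, b"F"),
                             "params": _string_values(body, b"P")})
    return findings

def classify(findings: list) -> list:
    """Map findings onto the report's two heuristics as (rule, severity, detail) tuples."""
    hits = []
    for f in findings:
        if not f["targets"]:                       # indirect or missing /F
            hits.append(("PDF_LAUNCH", "high", f"obj {f['obj']}: /Launch with unresolved target"))
            continue
        for t in f["targets"]:
            name = t.decode("latin-1")
            stem = name.replace("\\", "/").rsplit("/", 1)[-1].lower().split(".", 1)[0]
            rule = ("PDF_LAUNCH_COMMAND", "critical") if stem in DANGEROUS_STEMS else ("PDF_LAUNCH", "high")
            hits.append(rule + (f"obj {f['obj']}: /Launch target {name!r}",))
    return hits
```

Run classify(find_launch_actions(blob)) on a file's bytes. Two caveats before using this on real samples: the scanner only sees objects stored in plain text, so anything inside a compressed object stream or behind a stream filter must be inflated first (a full PDF parser does this), and it does not resolve indirect references, which is why an /F given as "9 0 R" is reported as unresolved rather than named. Both gaps are exactly where evasive samples hide the action.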