Malicious PDF — malware analysis report

Static analysis result for SHA-256 0fd725a009a3f039…

MALICIOUS

PDF

1.3 KB
MD5: 6e06512895555e4e900274a0332f2d84
SHA-1: ed5d267c83a8b78521c483d16fc284352307c8ad
SHA-256: 0fd725a009a3f03974cd7ab8989f41a2de9404e15d1aa342750189c9b49e568d
Risk Score: 150

Malware Insights

MITRE ATT&CK

  • T1203 Exploitation for Client Execution
  • T1059.003 Windows Command Shell

The PDF file contains a launch action that directly invokes cmd.exe. This is a strong indicator of an attempt to execute arbitrary commands, likely to download and run a second-stage payload. The ML classifier also strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9992

Heuristics 2

  • Launch action (critical, PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).