Malicious PDF — malware analysis report

Static analysis result for SHA-256 13cad2bd604f8e61…

Verdict: MALICIOUS
File type: PDF
File size: 1.0 KB
MD5: 5067be77b5217082253e2d4d49e8f6a9
SHA-1: c15f19aab8cbe24f0646cea101e6ab8ec4a0d957
SHA-256: 13cad2bd604f8e6148bbfa3ea55c704466c19f268e1fb70c8fc06ad0b9dfc467
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.003 Windows Command Shell

The PDF contains a launch action that executes cmd.exe, which in turn attempts to launch notepad.exe. This is a common technique for executing arbitrary commands within a PDF. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9996

Heuristics (2)

  • Launch action (critical, PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path; such an action can start an external application.
  • /Launch action target: cmd.exe (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).