Malicious PDF — malware analysis report

Static analysis result for SHA-256 19363a914c183bf9…

Verdict: MALICIOUS
File type: PDF
Size: 1.0 KB
Risk Score: 150

MD5: c11283e5d14ee27957842bc872bb2076
SHA-1: 712df76857c35bf6cdb435248ca1bd4b6c1f8533
SHA-256: 19363a914c183bf98c929e4ada0ea37387918007646d38ee7f0caa9da2b8f6b6

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.003 Windows Command Shell

The PDF file contains a launch action that executes cmd.exe, which in turn attempts to run notepad.exe. This is indicative of an attempt to execute arbitrary commands on the user's system, likely as a precursor to a more malicious payload. The ML classifier strongly flagged this PDF as malicious.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9996

Heuristics (2)

  • Launch action [critical] [PDF_LAUNCH]
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe [critical] [PDF_LAUNCH_COMMAND]
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).