PDFex — PDF malware analysis

Static analysis result for SHA-256 1abde26b9be3f80a…

MALICIOUS

PDF

Size: 4.7 KB · Created: 2007-10-16 06:43:14 +03:00 · Authoring application: Gnostice PDFtoolkit V2.02
MD5: 2351878a18e1c532299a59727a0f7257
SHA-1: c3c864d0ddeca3c793a88f075b56bcddf75e09e4
SHA-256: 1abde26b9be3f80a014e6cbca07d2662b322e5c306af881b9100f6cd6fd3ecc1
Risk Score: 138

Malware Insights

PDFex · confidence 95%

MITRE ATT&CK
T1204.002 User Execution: Malicious File
T1059.003 Command and Scripting Interpreter: Windows Command Shell

The sample is a PDF document flagged by ClamAV as Win.Trojan.PDFex-2 and scored malicious by the ML classifier. A high-severity heuristic identified a /URI action whose target is not a web address: it has a mailto/path-traversal shape and ends in 'calc.exe".cmd', a string built so that a PDF reader passing it to the Windows shell executes it as a command instead of opening it as a link. This is the shape of the legacy PDF command-execution lures, and its 2007 creation date fits that era. calc.exe is the Windows calculator, the conventional harmless proof-of-concept payload; the same construction can launch any command on the victim's system.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7205

Heuristics (3)

  • ClamAV: Win.Trojan.PDFex-2 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.PDFex-2
  • PDF URI references command interpreter path (severity: high, rule: PDF_DANGEROUS_URI_COMMAND)
    PDF contains a /URI action whose target uses a mailto/path traversal shape and references a command interpreter or scripting host. This is not a normal web link and matches legacy PDF command execution/dropper lures.
  • External URI (severity: low, rule: PDF_URI)
    PDF contains an external URL action.
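The two URI heuristics above (PDF_DANGEROUS_URI_COMMAND and PDF_URI), re-implemented as an added stand-alone example. This is illustrative code written for this page, not the scanner's own rule engine. It scans the raw bytes of a flat PDF for /URI action targets, decodes literal and hex strings, percent-decodes the result, and applies the rule as the report states it: a target with a mailto/path-traversal shape that also names a command interpreter or scripting host is high-severity; any other external URI is low. The interpreter and extension lists, the set of web schemes, and the embedded sample PDF (whose lure string is constructed to match the shape described above, not copied from the sample) are assumptions of this example.

```python
"""Added illustrative check for the /URI heuristics in the report above.
Standard library only; the sample PDF at the bottom is constructed."""
import re
from urllib.parse import unquote

# Assumed lists: binaries/extensions that should never be a hyperlink target,
# and schemes that count as ordinary web links.
INTERPRETERS = ("cmd.exe", "command.com", "powershell", "pwsh", "wscript",
                "cscript", "mshta", "rundll32", "regsvr32", "calc.exe")
SCRIPT_EXTENSIONS = (".cmd", ".bat", ".vbs", ".js", ".ps1", ".hta", ".exe", ".scr")
WEB_SCHEMES = ("http", "https", "ftp")

# /URI key followed by a literal "(" or hex "<" string; "<<" would be a dict.
URI_KEY_RE = re.compile(rb"/URI\s*(?=\(|<(?!<))")


def read_literal(data: bytes, start: int) -> bytes:
    """Decode a PDF literal string at data[start] == b'(' (nested parens,
    backslash escapes, octal escapes)."""
    escapes = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
               b"(": b"(", b")": b")", b"\\": b"\\"}
    depth, i, out = 0, start, bytearray()
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            nxt = data[i + 1:i + 2]
            if nxt in escapes:
                out += escapes[nxt]
                i += 2
                continue
            octal = re.match(rb"[0-7]{1,3}", data[i + 1:i + 4])
            if octal:
                out.append(int(octal.group(0), 8) & 0xFF)
                i += 1 + len(octal.group(0))
                continue
            out += nxt  # unknown escape: keep the character
            i += 2
            continue
        if c == b"(":
            depth += 1
            if depth > 1:
                out += c
        elif c == b")":
            depth -= 1
            if depth == 0:
                return bytes(out)
            out += c
        else:
            out += c
        i += 1
    raise ValueError("unterminated literal string")


def read_hex(data: bytes, start: int) -> bytes:
    """Decode a PDF hex string at data[start] == b'<'."""
    digits = re.sub(rb"\s+", b"", data[start + 1:data.index(b">", start)])
    if len(digits) % 2:  # PDF pads an odd trailing digit with 0
        digits += b"0"
    return bytes.fromhex(digits.decode("ascii"))


def extract_uri_targets(pdf: bytes) -> list:
    """Return every /URI action target found in the raw PDF bytes."""
    targets = []
    for m in URI_KEY_RE.finditer(pdf):
        pos = m.end()
        raw = read_literal(pdf, pos) if pdf[pos:pos + 1] == b"(" else read_hex(pdf, pos)
        targets.append(raw.decode("latin-1"))
    return targets


def classify_uri(uri: str) -> tuple:
    """Apply the report's rule to one target: returns (severity, rule id)."""
    u = unquote(uri).replace("\\", "/").lower()  # undo %xx and backslash tricks
    scheme = u.split(":", 1)[0] if ":" in u else ""
    # Lure shape: not a plain web link, or walks directories, or carries a
    # stray quote meant to split the command line.
    lure_shape = scheme not in WEB_SCHEMES or "/../" in u or '"' in u
    tail = u.split("/")[-1].split("?")[0].strip()
    names_interpreter = (any(n in u for n in INTERPRETERS)
                         or tail.endswith(SCRIPT_EXTENSIONS))
    if lure_shape and names_interpreter:
        return "high", "PDF_DANGEROUS_URI_COMMAND"
    return "low", "PDF_URI"


def scan_pdf(pdf: bytes) -> list:
    """Return [(uri, severity, rule), ...] for every /URI action."""
    return [(u, *classify_uri(u)) for u in extract_uri_targets(pdf)]


# Constructed sample: one benign link, one lure in the reported shape, and the
# same lure hex-encoded (which a naive grep for "calc.exe" would miss).
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R 6 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10]\n"
    b"   /A << /S /URI /URI (https://example.com/docs/setup.exe) >> >> endobj\n"
    b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10]\n"
    b"   /A << /S /URI /URI (mailto:%/../../../../../Windows/system32/calc.exe\".cmd) >> >> endobj\n"
    b"6 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10]\n"
    b"   /A << /S /URI /URI <" + b"mailto:%/../../cmd.exe".hex().encode() + b"> >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for uri, severity, rule in scan_pdf(SAMPLE_PDF):
        print(f"[{severity:>4}] {rule:<26} {uri}")
```

Note the benign case: https://example.com/docs/setup.exe names a script extension but has an ordinary web scheme, so it only trips PDF_URI; the rule needs both the lure shape and the interpreter reference, which keeps download links out of the high bucket. Caveat for real files: in PDF 1.5+ the annotation and action dictionaries may live inside a compressed object stream (/ObjStm), which this raw-byte scan never sees, so a production check must inflate object streams (and decode any /Filter on them) before applying the same rule.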