Malicious PDF — malware analysis report

Static analysis result for SHA-256 1c88dbea46812365…

Verdict: MALICIOUS
File type: PDF
Size: 477 B
MD5: 3d3321b24b3e7c55ec977b808a43e59f
SHA-1: 17613c819de88ff4c67c2b37adf6d8a9ca30ad73
SHA-256: 1c88dbea46812365e4b888fcde13b40eb486af0302d94734ec9b0911b834c496
Risk Score: 108

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a malicious /URI action that attempts to leverage a command interpreter to execute calc.exe. This is indicative of an exploit attempting to run arbitrary commands on the victim's system. The ClamAV detection further confirms the malicious nature of the file.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-34360 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-34360
  • PDF URI references command interpreter path (severity: high, rule: PDF_DANGEROUS_URI_COMMAND)
    PDF contains a /URI action whose target uses a mailto/path traversal shape and references a command interpreter or scripting host. This is not a normal web link and matches legacy PDF command execution/dropper lures.
  • External URI (severity: low, rule: PDF_URI)
    PDF contains an external URL action