Malicious PDF — malware analysis report

Static analysis result for SHA-256 29989ed5b67ad6ed…

Verdict: MALICIOUS

File type: PDF

Size: 1.1 KB

MD5: c9bcc3fbd83b6e5416b4c65fcc84d31a
SHA-1: db9685b22ee156cd86010864a159872dc95a9c96
SHA-256: 29989ed5b67ad6ed93ea06c1d330d3f8259873e2d4f252b9a48e84888857c4ef

Risk Score: 108

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.001 Spearphishing Attachment

This PDF document contains a launch action that executes calc.exe, indicating an attempt to exploit a vulnerability or trick the user into running a program. The embedded URL, while local, suggests potential command and control or payload delivery infrastructure. The presence of JavaScript further supports malicious intent, likely to facilitate the execution of the launched application.

Heuristics (4)

  • Launch action (severity: critical, rule: PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application.
  • /Launch action target: calc.exe (severity: high, rule: PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target.
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://192.168.0.199