PDFex PDF malware analysis — malicious · 34f0478c058d7cc1

MALICIOUS

PDF

7.2 KB Created: 2007-10-16 06:43:14 +03:00 Authoring application: Gnostice PDFtoolkit V2.02

MD5: afeabd99f646f57122316747076e0266 SHA-1: c0d4a59d39c5d6e3680d4730f7e65af1b6658b05 SHA-256: 34f0478c058d7cc17d2e46cbae1773ba44a598ef84f61323279cd17b1cc44b5e

138 Risk Score

Malware Insights

PDFex · confidence 95%

MITRE ATT&CK

T1204.002 Malicious File T1059.003 Windows Command Shell

The PDF file was flagged by ClamAV as Win.Trojan.PDFex-2 and a high-severity heuristic detected a dangerous URI referencing the command interpreter path. The embedded URI 'mailto:test%../../../../../../../../windows/system32/calc.exe".cmd' indicates an attempt to exploit a PDF vulnerability to execute the Windows command interpreter, likely to download and run a secondary payload.

Machine Learning

Nyx PDF Classifier malicious score 0.9935

Heuristics 4

ClamAV: Win.Trojan.PDFex-2 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.PDFex-2
PDF URI references command interpreter path high PDF_DANGEROUS_URI_COMMAND

PDF contains a /URI action whose target uses a mailto/path traversal shape and references a command interpreter or scripting host. This is not a normal web link and matches legacy PDF command execution/dropper lures.
External URI low PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://ns.adobe.com/xap/1.0/
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/mm/

Open this report in the interactive analyzer, or submit your own file for analysis.