Malicious PDF — malware analysis report

Static analysis result for SHA-256 5b5800568ed0554d…

Verdict: MALICIOUS
File type: PDF
File size: 1.0 KB
MD5: 0d6f6f7c0018e30fe30ce56e7740c16b
SHA-1: eab2f352c29b698c17abbd266fca7f81debd46a5
SHA-256: 5b5800568ed0554d4905b9be676c8c721847fbe3214aeb3909af9baa266a2cee
Risk Score: 132

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF file contains a launch action that directs the user to download and execute a file named 'updateadobe.exe' from the URL http://www.hidden-sabotage.com/!/updateadobe.exe. This is a common lure to trick users into running malware disguised as a legitimate update. The ML classifier also strongly indicated maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (3)

  • Launch action (severity: critical, rule: PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path; such an action can start an external application.
  • /Launch action target: http://www.hidden-sabotage.com!!!! ! /updateadobe.exe (severity: high, rule: PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target.
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://www.hidden-sabotage.com