PDF malware analysis — malicious · dc75ed822abe5442

MALICIOUS

PDF

817 B

MD5: 92069abb96a6fde8c55a4572a5693f59 SHA-1: 9983fab2f506b7492b5ff4c2cdf931f08bda6cdf SHA-256: dc75ed822abe5442af5d15a0bcb9093ae476a0130b6970cb3321e8ac693e5b9a

80 Risk Score

Malware Insights

MITRE ATT&CK

T1059.001 PowerShell T1557.001 Adversary-in-the-Middle

The PDF file contains a UNC path, which is a known technique for credential theft via NTLM relay attacks. This is further supported by the 'PDF_GOTO_REMOTE' heuristic, indicating a remote action that could be used to exfiltrate credentials. The file is classified as malicious with a high risk score.

Heuristics 2

UNC path in PDF — possible NTLM credential theft (CVE-2018-4993/CVE-2019-7089) high CVE likely CVE_2018_4993

PDF contains a UNC path (\\server\share) alongside action triggers — when a vulnerable viewer resolves this path, Windows may send NTLM credentials to the remote host as the matching PDF action is processed
Remote GoTo action high PDF_GOTO_REMOTE

PDF references an external document via GoToR/GoToE whose target is a URL, UNC path, or executable

Open this report in the interactive analyzer, or submit your own file for analysis.