Malicious PDF — malware analysis report

Static analysis result for SHA-256 78bc7d749e00e08f…

MALICIOUS

PDF

1.0 KB
MD5: 43cf3c812528c75f2b613a08011719b2
SHA-1: bd7399a85868da06d7036a81e049b0060371eecb
SHA-256: 78bc7d749e00e08f6b0b4436d40163e4240866c8f918d8736a6736f928f0af28
150 Risk Score

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1059.003 Windows Command Shell

The PDF file contains a launch action that directly executes cmd.exe. This indicates an attempt to exploit the PDF viewer to gain command execution on the user's system. The ML classifier also strongly flagged this file as malicious.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics 2

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).