Malicious PDF — malware analysis report

Static analysis result for SHA-256 88c31a6de9eac041…

Verdict: MALICIOUS
File type: PDF
File size: 1.3 KB
MD5: 2441a4955ade99d9a8fa97af1e79de1f
SHA-1: 794ee6f2b45d7edacb50daa9bc7f59caa79ea679
SHA-256: 88c31a6de9eac041318741a6cdda04241dfa679acad1a3ab7027f00af6f81cae
Risk Score: 150

Malware Insights

MITRE ATT&CK
  • T1203 Exploitation for Client Execution
  • T1566.001 Spearphishing Attachment

The PDF file contains a launch action that attempts to execute cmd.exe, as indicated by the PDF_LAUNCH and PDF_LAUNCH_COMMAND heuristics. The document body further attempts to lure the user into clicking an 'Open' button, which would trigger the launch action. This indicates an attempt to abuse the user's trust in order to run a command interpreter on the victim's machine.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics (2)

  • Launch action (critical, PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application.
  • /Launch action target: cmd.exe (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).