Malicious PDF — malware analysis report

Static analysis result for SHA-256 8c65ed7107667d30…

Verdict: MALICIOUS
File type: PDF
Size: 810 B
First seen: 2026-05-11
MD5: bc354f95150db8b347103dc31a4d2c8d
SHA-1: b698704d3f5299f082d9fc2934455adb47119f98
SHA-256: 8c65ed7107667d30ea72fb3f0014136cea4b451dff0c03eb76a06e77e0fcb404
Risk score: 70

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The ML classifier flagged this PDF as malicious with high confidence. The document body contains a suspicious 'mailto:' URI that appears to be an attempt to exploit a PDF reader vulnerability in URI handling so that cmd.exe runs 'calc.exe'. Launching calc.exe is the classic proof-of-concept payload, and at 810 bytes the file leaves little room for anything else, so this sample reads as a test or template for the technique; a weaponized version would substitute a downloader or other initial-access payload. Execution still requires the victim to open the file in a reader that mishandles such URIs (T1204.002), after which the command runs through the Windows command shell (T1059.003).

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9734

Heuristics (1)

  • PDF_OBFUSCATED_NAME_OBJECT (severity: high): Hex-obfuscated structural name object
    A structurally dangerous PDF name (e.g. /OpenAction, /Launch, /AA, /EmbeddedFile, /SubmitForm) is written with #XX hex escapes (so /OpenAction appears as /#4Fpen#41ction) to evade string-based scanners. The PDF syntax permits #XX escapes in any name and a conforming reader decodes them before acting on the dictionary, but legitimate producers write these names literally; hex-encoding them is a deliberate obfuscation technique, so a scanner must normalize names before matching them.
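The following Python script is an added example, not the scanner's own code or the code that produced this report. It reproduces the two checks the report relies on: it decodes #XX escapes in PDF name objects and flags structurally dangerous names that were hex-encoded (the PDF_OBFUSCATED_NAME_OBJECT heuristic), and it extracts /URI targets so a 'mailto:' or other non-http scheme carrying shell-looking tokens can be reviewed. Stream bodies that inflate with zlib (FlateDecode) are scanned as well, since object streams are the usual place such dictionaries hide. The list of dangerous names extends the report's with other action keys (an assumption), the scheme and token heuristics for URIs are mine, and the sample PDF is constructed for this example; the script does not handle object-stream offsets, cross-reference tables or encryption, so it is a triage filter rather than a full PDF parser.

```python
"""Triage filter for hex-escaped PDF names and suspicious /URI targets.
Added example, not the scanner's code; the sample PDF is constructed inline."""
import re
import zlib

# Names the report calls structurally dangerous, extended (assumption) with
# other action/script keys a triage filter usually watches.
DANGEROUS_NAMES = {
    "OpenAction", "Launch", "AA", "EmbeddedFile", "SubmitForm",
    "JavaScript", "JS", "URI", "GoToR", "ImportData",
}
SHELL_TOKENS = (".exe", "cmd", '"')          # heuristic markers inside a URI

NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")          # one PDF name token
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")        # #XX inside a name
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# /URI followed by a literal (...) or hex <...> string; run on normalised data
URI_RE = re.compile(
    rb"/URI\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)", re.S)


def decode_name(raw: bytes) -> bytes:
    """Resolve #XX escapes: b'#4Fpen#41ction' -> b'OpenAction'."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(data: bytes) -> bytes:
    """Concatenate the bodies of every stream that inflates with zlib
    (FlateDecode); other filters and raw streams are skipped."""
    bodies = []
    for m in STREAM_RE.finditer(data):
        try:
            bodies.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass
    return b"\n".join(bodies)


def normalize_names(data: bytes):
    """Rewrite every hex-escaped name to its literal form and record the
    dangerous ones. Returns (normalised data, [(raw, decoded), ...])."""
    hits = []

    def repl(m):
        raw = m.group(1)
        if b"#" not in raw:
            return m.group(0)
        decoded = decode_name(raw)
        if decoded.decode("latin-1") in DANGEROUS_NAMES:
            hits.append((raw.decode("latin-1"), decoded.decode("latin-1")))
        return b"/" + decoded

    return NAME_RE.sub(repl, data), hits


def unescape_literal(s: bytes) -> bytes:
    """Undo the common PDF literal-string escapes (octal escapes ignored)."""
    table = {b"n": b"\n", b"r": b"\r", b"t": b"\t"}
    return re.sub(rb"\\([\\()nrt])",
                  lambda m: table.get(m.group(1), m.group(1)), s)


def extract_uris(data: bytes):
    """Return the decoded target of every /URI key (literal or hex string)."""
    uris = []
    for m in URI_RE.finditer(data):
        if m.group("lit") is not None:
            uris.append(unescape_literal(m.group("lit")).decode("latin-1"))
        else:
            h = re.sub(rb"\s", b"", m.group("hex"))
            h += b"0" if len(h) % 2 else b""   # PDF pads an odd final digit with 0
            uris.append(bytes.fromhex(h.decode()).decode("latin-1"))
    return uris


def triage(pdf: bytes) -> dict:
    scope = pdf + b"\n" + inflate_streams(pdf)          # raw bytes + inflated streams
    normalized, obfuscated = normalize_names(scope)      # so /#55RI matches /URI too
    uris = extract_uris(normalized)
    suspicious = [u for u in uris
                  if not u.lower().startswith(("http://", "https://"))
                  or any(t in u.lower() for t in SHELL_TOKENS)]
    return {"obfuscated_names": obfuscated, "uris": uris,
            "suspicious_uris": suspicious}


# Constructed sample: hex-escaped /OpenAction and /URI in plain objects, plus a
# hex-escaped /Launch inside a Flate-compressed object stream.
_objstm = zlib.compress(b"6 0 << /S /#4Caunch /F (calc.exe) >>")
SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /#4Fpen#41ction 4 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >> endobj\n",
    b"4 0 obj << /S /#55RI /URI (mailto:user@example.com?subject=calc.exe) >> endobj\n",
    b"5 0 obj << /Type /ObjStm /N 1 /First 4 /Length %d /Filter /FlateDecode >>\n"
    % len(_objstm),
    b"stream\n", _objstm, b"\nendstream endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

Run it on a real sample with `triage(open(path, "rb").read())`. Because names are normalized before the /URI search, a hex-escaped key such as /#55RI is caught the same way as a literal one, which is exactly the evasion the heuristic above targets; the URI scheme and token checks are deliberately loose so that an analyst reviews the hits rather than a regex deciding alone.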