Malicious PDF — malware analysis report

Static analysis result for SHA-256 9864af514a02458d…

Verdict: MALICIOUS
File type: PDF
Size: 663 B
MD5: aa5e8019decefe5defe80c1cd39283da
SHA-1: 093f4e5c9f2004b8e3e07c506a79cf5c8674d052
SHA-256: 9864af514a02458ddb7ac7d9f6705c1ed43d6ae84c95b2ec0fa17c217a830ec2
Risk score: 108

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

ClamAV detects the file as Pdf.Exploit.Agent-1388600 (critical). The PDF_DANGEROUS_URI_COMMAND heuristic fired on the file's /URI action, whose target is mailto:tttt%../../../../../../../../windows/system32/calc.exe".cmd. This is not a web link: the mailto: scheme routes the string to a local handler rather than a browser, the repeated ../ segments traverse to windows/system32/, and the trailing ".cmd gives the argument a command-script suffix, a shape built to make a vulnerable viewer hand the string to the Windows command interpreter. The chosen target, calc.exe, is the usual proof-of-concept payload for this lure, which together with the 663-byte size suggests a test file rather than a weaponized dropper; static analysis establishes the intent of the action, not that any particular viewer executes it.

Heuristics (3)

  • ClamAV: Pdf.Exploit.Agent-1388600 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Exploit.Agent-1388600
  • PDF URI references command interpreter path high PDF_DANGEROUS_URI_COMMAND
    PDF contains a /URI action whose target uses a mailto/path traversal shape and references a command interpreter or scripting host. This is not a normal web link and matches legacy PDF command execution/dropper lures.
  • External URI low PDF_URI
    PDF contains an external URL action
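The following is an added example, not the analysis tool's own code, showing how a PDF_DANGEROUS_URI_COMMAND / PDF_URI style check can be implemented: it pulls every /URI action target out of raw PDF bytes (literal and hex string forms), percent-decodes and normalizes it, and flags the mailto/path-traversal shape that references an interpreter or carries a script suffix. The interpreter names, script suffixes and the two sample PDFs are assumptions constructed for the example; they are not the report's sample or the tool's signature list.

```python
import re
from urllib.parse import unquote

# Interpreter / scripting-host names and script suffixes the check looks for.
# Assumed list for this example; the report does not publish the tool's own list.
INTERPRETERS = ("cmd.exe", "powershell", "pwsh", "wscript", "cscript",
                "mshta", "rundll32", "regsvr32", "certutil")
SCRIPT_SUFFIX = re.compile(r"\.(cmd|bat|vbs|vbe|js|jse|hta|ps1|wsf)(?=$|[^a-z0-9])")

# /URI values appear either as literal strings (...) or hex strings <...>.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")

# Constructed sample PDFs for demonstration; these are not the analysed file's bytes.
SAMPLE_MALICIOUS = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /Type /Action /S /URI /URI (mailto:tttt%../../../../../../../../windows/system32/calc.exe".cmd) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
SAMPLE_BENIGN = SAMPLE_MALICIOUS.replace(
    b'(mailto:tttt%../../../../../../../../windows/system32/calc.exe".cmd)',
    b"(https://example.com/report.pdf)")


def _unescape_literal(raw: bytes) -> str:
    # Undo the PDF literal-string escapes that matter for a URI: \( \) and \\.
    return re.sub(r"\\([()\\])", r"\1", raw.decode("latin-1"))


def extract_uris(pdf: bytes) -> list[str]:
    """Return every /URI action target found in the raw PDF bytes."""
    uris = [_unescape_literal(m.group(1)) for m in URI_LITERAL.finditer(pdf)]
    for m in URI_HEX.finditer(pdf):
        hexdigits = re.sub(rb"\s", b"", m.group(1))
        if len(hexdigits) % 2:          # PDF treats an odd trailing digit as padded with 0
            hexdigits += b"0"
        uris.append(bytes.fromhex(hexdigits.decode()).decode("latin-1"))
    return uris


def classify_uri(uri: str) -> tuple[str, str]:
    """Map one URI target to (heuristic name, severity) using the report's shape rule:
    an interpreter or script-suffix reference combined with a mailto scheme or ../ traversal."""
    decoded = unquote(uri).replace("\\", "/").lower()   # %xx decode, normalize path separators
    scheme = decoded.split(":", 1)[0] if ":" in decoded else ""
    traversal = "../" in decoded
    refs_interpreter = (any(tok in decoded for tok in INTERPRETERS)
                        or SCRIPT_SUFFIX.search(decoded) is not None)
    if refs_interpreter and (scheme == "mailto" or traversal):
        return "PDF_DANGEROUS_URI_COMMAND", "high"
    return "PDF_URI", "low"        # any other external URL action is still worth listing


def scan_pdf(pdf: bytes) -> list[dict]:
    """Run the URI heuristics over a PDF and return one finding per /URI action."""
    findings = []
    for uri in extract_uris(pdf):
        heuristic, severity = classify_uri(uri)
        findings.append({"uri": uri, "heuristic": heuristic, "severity": severity})
    return findings


if __name__ == "__main__":
    for name, blob in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        for finding in scan_pdf(blob):
            print(f"{name}: {finding['heuristic']} [{finding['severity']}] {finding['uri']}")
```

Run against the constructed samples, the traversal/mailto target is reported as PDF_DANGEROUS_URI_COMMAND (high) and the plain https link as PDF_URI (low). Note that a bare file:///...cmd.exe target without mailto or traversal only yields PDF_URI under this rule, which mirrors the shape-based heuristic described above; a production scanner would also inspect /Launch actions and object streams, which this example does not parse.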