Malicious PDF — malware analysis report

Static analysis result for SHA-256 99ed6a9f7105bf18…

Verdict: MALICIOUS
File type: PDF
Size: 1.0 KB
MD5: a611709f9cbf91dd274f980359c6dc3b
SHA-1: 5434c76793c0d24c382c94136471c0793778c19c
SHA-256: 99ed6a9f7105bf1895057b92ca4c6f124a10bd45231eb5bd3bca93011e42d1ab
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1566.002 Spearphishing Attachment

The PDF file contains a launch action that attempts to execute a file named 'tro.exe'. The document body text, while containing offensive language, reinforces the presence of 'tro.exe' as a target. This indicates a direct attempt to deliver and execute a malicious payload.

Heuristics (2)

  • Launch action (severity: critical, rule: PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: tro.exe (severity: high, rule: PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target with parameters '\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n������Ŷ��\nfuck you!\n'.