MALICIOUS
Risk Score: 82
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
The PDF file contains heuristics indicating the exploitation of CVE-2018-4993, which involves a GoToE/GoToR UNC action. This suggests the document is designed to redirect the user to a remote resource, likely for malicious purposes. The lack of readable document body text prevents a more specific assessment of the lure.
Machine Learning
- Nyx PDF Classifier clean score 0.1483
Heuristics: 3
- GoToE/GoToR UNC action — CVE-2018-4993 high CVE exact CVE_2018_4993_GOTOE_UNC
  PDF contains an automatic/open GoToE or GoToR action whose /F target is a UNC path, matching the Adobe Reader NTLM credential-leak exploit shape.
- Remote GoTo action high PDF_GOTO_REMOTE
  PDF references an external document via GoToR/GoToE whose target is a URL, UNC path, or executable.
- Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: \\93.189.145.82\test (In PDF document text)