Malicious PDF — malware analysis report

Static analysis result for SHA-256 c2c329e9146097f6…

MALICIOUS

PDF

504 B
MD5: f1ac5e9baaa779a939735248586a3582
SHA-1: 8bbdebf606b22beb61affb3aea012b8c4f2ca022
SHA-256: c2c329e9146097f69480572293acb4048df15ecf31c1bdf4487a3bd3931d5a06
130 Risk Score

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.003 Windows Command Shell

The PDF contains a launch action that executes 'cmd.exe /q/c asd.bgt'. This indicates an attempt to run a malicious command-line executable, likely to download and execute a second-stage payload. The ML classifier strongly supports the malicious nature of this PDF.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics 2

  • /Launch action target: "cmd.exe" critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target with parameters '/q/c asd.bgt' — references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action high PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous