PDF malware analysis — malicious · c2ed88f48e4165d5

MALICIOUS

PDF

1.0 KB

MD5: cbc5e94fd20a844ef2c37664a6fea4d2 SHA-1: 98a8173e3901e0904bc79fe999da63ef178343b1 SHA-256: c2ed88f48e4165d5c9492146b0e081d312b1e8abc7b88f592b730446471331ff

100 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1566.001 Spearphishing Attachment

The PDF file contains a launch action that directs the user to download an executable from the URL http://www.turkiyecamfrog.tk/kameralisohbeti.exe. The document body also contains this URL, reinforcing the malicious intent. The executable is likely a downloader or trojan, aiming to compromise the user's system.

Heuristics 3

Launch action critical PDF_LAUNCH

PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
/Launch action target: http://www.turkiyecamfrog.tk/kameralisohbeti.exe high PDF_LAUNCH_COMMAND

PDF /Launch action specifies an executable target.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.turkiyecamfrog.tk/kameralisohbeti.exe

Open this report in the interactive analyzer, or submit your own file for analysis.