Malicious PDF — malware analysis report

Static analysis result for SHA-256 ca7eaf9eee0dd9fc…

MALICIOUS

PDF

986 B
MD5: 99a783eff51f822d5c4af9ba89051dfe
SHA-1: fd9b72aa3e1c635435fdaa53ebbcceb5bd55816c
SHA-256: ca7eaf9eee0dd9fc68e7c949afb3427339237002c679282b69f48e7dd50b051d
Risk Score: 210

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.003 Windows Command Shell

The PDF file contains a launch action that executes cmd.exe, as indicated by critical heuristic firings. The ML classifier and ClamAV also flagged this file as malicious. The document body text is minimal and does not provide further context beyond confirming the presence of 'cmd.exe'.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics (3)

  • [critical] Launch action (PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • [critical] /Launch action target: cmd.exe (PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
  • [critical] ClamAV: Pdf.Dropper.Agent-6299584-0 (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-6299584-0