Malicious PDF — malware analysis report

Static analysis result for SHA-256 cde537091a1c06f4…

MALICIOUS

PDF

1.0 KB
MD5: dc9da3b91097bbdb50b66e1a7a3e18d3 SHA-1: e92e58f1ee540209746a2a47c3f5fd435da4cf54 SHA-256: cde537091a1c06f413a09017ee7fdad2a261fbddce0493a8871af4fef34319c8
130 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF file contains a launch action that directs the user to download an executable from 'http://leetfile.com/u/505460update.exe'. This is a common social engineering tactic to lure users into executing malware. The ML classifier strongly supports the malicious verdict.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9996

Heuristics 3

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: http://leetfile.com/u/505460update.exe high PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://leetfile.com/u/505460update.exe

Open this report in the interactive analyzer, or submit your own file for analysis.