Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf6057ae9bcb3d31…

Verdict: MALICIOUS
File type: PDF
Size: 664 B
MD5: 9335e38fa1c8d29f584f3fc696d4f111
SHA-1: dc251a33c946953dd5b096429945343a194da4c0
SHA-256: cf6057ae9bcb3d31c150e2c2890fb9c3821232700857c5af99c6dab65d4bb135
Risk Score: 160

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF file contains a launch action that executes calc.exe. This is a common technique used to bypass security controls or to test if a PDF reader is vulnerable to arbitrary code execution. The obfuscated object name also suggests malicious intent.

Heuristics (3)

  • Launch action [severity: critical, rule: PDF_LAUNCH]
    PDF contains a /Launch action whose target is an executable, URL, or UNC path; it can start an external application.
  • ClamAV: Heuristics.PDF.ObfuscatedNameObject [severity: critical, rule: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • /Launch action target: /C/Windows/System32/calc.exe [severity: high, rule: PDF_LAUNCH_COMMAND]
    PDF /Launch action specifies an executable target.