PDF malware analysis — malicious · d20b59d77475a4db

MALICIOUS

PDF

718.5 KB Created: 2000-01-24 16:22:01 Authoring application: XPP (via IBM (ID Workbench))

MD5: dd8e4e9e46303f2c7e2e3229305eff64 SHA-1: 7b7b906adfe64caa526cc836d13c0811d4561816 SHA-256: d20b59d77475a4db32ce8b26b6a6076740fcda09e5f9da51272cd5cc8eeac341

138 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The PDF contains a launch action that attempts to execute an external file named 'csqzai03.pdf'. This is a common technique for delivering secondary payloads or initiating exploits. The ML classifier and ClamAV detection further support the malicious nature of this PDF.

Machine Learning

Nyx PDF Classifier malicious score 0.5518

Heuristics 3

ClamAV: Pdf.Exploit.Agent-21848 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-21848
/Launch action target: csqzai03.pdf high PDF_LAUNCH_COMMAND

PDF /Launch action specifies an executable target.
Launch action low PDF_LAUNCH

PDF contains a /Launch action; all filespec targets are document files (cross-PDF navigation pattern, common in multi-part document bundles)

Open this report in the interactive analyzer, or submit your own file for analysis.