PDF malware analysis — malicious · d2c2f7dd489005db

MALICIOUS

PDF

1.0 KB

MD5: dc4daca8679cc5fb40d5f5b0e7102970 SHA-1: eda412269fe8af0f2418feb8cd4035b9ac2e7396 SHA-256: d2c2f7dd489005db5a64620f8b764b57cfb0f25afa6782d87a16193122d6f6e2

130 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF file contains a launch action that directs the user to download and execute a file from the URL http://adobe.x10.bz/adobe/AdobeUpdater.exe. The document body contains sexually explicit lures and repeats this URL, indicating a social engineering attempt to trick the user into running the downloaded executable. The ML classifier strongly supports the malicious verdict.

Machine Learning

Nyx PDF Classifier malicious score 0.9996

Heuristics 3

Launch action critical PDF_LAUNCH

PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
/Launch action target: http://adobe.x10.bz/adobe/AdobeUpdater.exe high PDF_LAUNCH_COMMAND

PDF /Launch action specifies an executable target.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://adobe.x10.bz/adobe/AdobeUpdater.exe

Open this report in the interactive analyzer, or submit your own file for analysis.