Malicious PDF — malware analysis report

Static analysis result for SHA-256 e159c0cbecc05406…

MALICIOUS

PDF

1.0 KB
MD5: b6c7973d08c96c0dc115bf7726062045 SHA-1: ec989a5197959056f71503d7a810d3e29bf2026c SHA-256: e159c0cbecc054060db9772ef348bb29c2a4edc57a107660242daf2d21ab81d3
100 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1566.002 Spearphishing Attachment

The PDF file contains a launch action that directs the user to download an executable from 'http://www.freewebtown.com/updateadobe/updateadobe.exe'. This executable is likely malicious, as indicated by the heuristic firings for PDF_LAUNCH and PDF_LAUNCH_COMMAND. The document body also contains the same URL, reinforcing the malicious intent.

Heuristics 3

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: http://www.freewebtown.com/updateadobe/updateadobe.exe high PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.freewebtown.com/updateadobe/updateadobe.exe

Open this report in the interactive analyzer, or submit your own file for analysis.