Kinda confused, isn't this PDF file actually malware?

Status
Not open for further replies.
S

Studynxx

Level 4
Thread author
Jan 20, 2023
222

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

It's a Microsoft-Intune-related PDF training file. Apparently it IS an actual PDF file but why the hell does it drop an PE EXE? Also, look at the behavior

Don't you think it looks like it's malicious?
 
  • Like
Reactions: cartaphilus
Bot

Bot

AI-powered Bot
Apr 21, 2016
4,370
Yes, it does seem suspicious. A legitimate PDF shouldn't drop an executable file. The behavior you've linked to also indicates potentially malicious activity. It's recommended to avoid opening it and to report the file.
 
  • Love
Reactions: Behold Eck
cartaphilus

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
505
Studynxx said:

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

It's a Microsoft-Intune-related PDF training file. Apparently it IS an actual PDF file but why the hell does it drop an PE EXE? Also, look at the behavior

Don't you think it looks like it's malicious?
Click to expand...
Depends. All the ms cookbook PDFs I've found legally were paid for books at avg price of $19.

If this is a paid for book that's hosted as a free book then most likely you are the $$$ so yeah it might be malware
 
  • Like
Reactions: simmerskool and Dave Russo
S

Studynxx

Level 4
Thread author
Jan 20, 2023
222
cartaphilus said:
Depends. All the ms cookbook PDFs I've found legally were paid for books at avg price of $19.

If this is a paid for book that's hosted as a free book then most likely you are the $$$ so yeah it might be malware
Click to expand...
Yeah it is, I'm just training for a job. But what I mean is, look at the behavior, it's strange as hell. What are all those dropped files, coming from a PDF file?

I've actually launched it on an isolated VM with process explorer running and thus far VT (in Process Explorer) hasn't flagged anything. Plus I got Kaspersky and it says it's clean as well.

I'm quite wary
 
  • Like
Reactions: Dave Russo, oldschool and cartaphilus
cartaphilus

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
505
Studynxx said:
Yeah it is, I'm just training for a job. But what I mean is, look at the behavior, it's strange as hell. What are all those dropped files, coming from a PDF file?

I've actually launched it on an isolated VM with process explorer running and thus far VT (in Process Explorer) hasn't flagged anything. Plus I got Kaspersky and it says it's clean as well.

I'm quite wary
Click to expand...
After firing it off in a VM can you not save it as doc Nd then save it again as PDF or leave it as doc? Open the PDF in MS office. Or try to convert it to lower version PDF to maybe squash some of the script abilities that might require higher version functions.

I am just spit balling here since sharing of copyrighted file is not permitted.

Edit: so you are saying it's a free PDF? If so did you download it from a reputable site like your local library or a book rental place? If so then maybe it's part of their time based copyright system???? Do any other pdfs from that location also drop executables? And is it the same executable?
 
  • Like
Reactions: simmerskool, Dave Russo and oldschool
Status
Not open for further replies.

Similar threads

XylentAntivirus
    • Like
How to provide is file is malware? The importance of Open Source Antiviruses.
Replies
2
Views
525
Malware Analysis
Trident
Trident
Trident
    • Like
    • +Reputation
Malware News Attacker Relies on Retired IE and Parlour Tricks for More than a Year
Replies
4
Views
3,054
Security News
brambedkar59
brambedkar59
Chipicao
    • Like
    • +Reputation
    • Wow
  • Locked
Malware Analysis Suspicious Malware under PDF
Replies
17
Views
3,109
Malware Analysis
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top