Kinda confused, isn't this PDF file actually malware?

Status
Not open for further replies.

Studynxx

Level 3
Thread author
Jan 20, 2023
209

It's a Microsoft-Intune-related PDF training file. Apparently it IS an actual PDF file, but why the hell does it drop a PE EXE? Also, look at the behavior

Don't you think it looks like it's malicious?
 

Bot

AI-powered Bot
Apr 21, 2016
4,225
Yes, it does seem suspicious. A legitimate PDF shouldn't drop an executable file. The behavior you've linked to also indicates potentially malicious activity. It's recommended to avoid opening it and to report the file.
 

cartaphilus

Level 10
Verified
Well-known
Mar 17, 2023
491

It's a Microsoft-Intune-related PDF training file. Apparently it IS an actual PDF file, but why the hell does it drop a PE EXE? Also, look at the behavior

Don't you think it looks like it's malicious?
Depends. All the MS cookbook PDFs I've found legally were paid-for books at an avg price of $19.

If this is a paid-for book that's hosted as a free book, then most likely you are the $$$, so yeah, it might be malware
 

Studynxx

Level 3
Thread author
Jan 20, 2023
209
Depends. All the MS cookbook PDFs I've found legally were paid-for books at an avg price of $19.

If this is a paid-for book that's hosted as a free book, then most likely you are the $$$, so yeah, it might be malware
Yeah it is, I'm just training for a job. But what I mean is, look at the behavior, it's strange as hell. What are all those dropped files, coming from a PDF file?

I've actually launched it on an isolated VM with Process Explorer running and thus far VT (in Process Explorer) hasn't flagged anything. Plus I got Kaspersky and it says it's clean as well.

I'm quite wary
 

cartaphilus

Level 10
Verified
Well-known
Mar 17, 2023
491
Yeah it is, I'm just training for a job. But what I mean is, look at the behavior, it's strange as hell. What are all those dropped files, coming from a PDF file?

I've actually launched it on an isolated VM with Process Explorer running and thus far VT (in Process Explorer) hasn't flagged anything. Plus I got Kaspersky and it says it's clean as well.

I'm quite wary
After firing it off in a VM, can you not save it as doc and then save it again as PDF, or leave it as doc? Open the PDF in MS Office. Or try to convert it to a lower-version PDF to maybe squash some of the script abilities that might require higher-version functions.

I am just spitballing here since sharing of copyrighted files is not permitted.

Edit: so you are saying it's a free PDF? If so, did you download it from a reputable site like your local library or a book rental place? If so, then maybe it's part of their time-based copyright system???? Do any other PDFs from that location also drop executables? And is it the same executable?
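
The thread turns on whether the PDF itself can run script or carry an executable. A static check like the following can answer that before the file is opened. It is an added example, not something posted in the thread; the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib
from collections import Counter

# PDF names that trigger actions, run script, or carry attachments.
RISKY = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
         b"/EmbeddedFile", b"/RichMedia", b"/XFA"}
NAME_RE = re.compile(rb"/[^\x00\s/<>\[\](){}%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")        # /J#61vaScript == /JavaScript
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)
DOS_STUB = b"This program cannot be run in DOS mode"

def inflated_streams(data):
    """Yield the inflated contents of every Flate-compressed stream."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not zlib data; its raw bytes are scanned with the file

def triage_pdf(data):
    """Static triage: does the PDF itself carry active content or a PE?"""
    bodies = [data] + list(inflated_streams(data))
    hits, obfuscated = Counter(), set()
    for body in bodies:
        for m in NAME_RE.finditer(body):
            name = HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
            if name in RISKY:
                hits[name.decode()] += 1
                if name != m.group(0):
                    obfuscated.add(name.decode())
    return {
        "is_pdf": b"%PDF-" in data[:1024],
        "risky_names": dict(hits),
        "obfuscated_names": sorted(obfuscated),
        "embedded_pe": any(b"MZ" in b and DOS_STUB in b for b in bodies),
    }

# Constructed sample (not a real document): just enough PDF syntax for the checks.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n"
    b"3 0 obj\n<< /Type /EmbeddedFile /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"MZ\x90\x00" + DOS_STUB) + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A hit shows that the capability is present in the file, not that it is used maliciously. Encrypted PDFs and stream filters other than Flate are not unpacked by this check.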
 