JAN 8, 2024
I Have Opened A Malware PDF File. What Now?
Three free online tools anyone can use to investigate malicious files or URLs. Take precautions, protect your digital assets, and have a safe online journey.
"I was not thinking straight and opened a phishing email.
"To make things worse, I have also opened the attached PDF, and the following file has opened."
"C:/Users/admin/AppData/... what is happening here?"
"Have I installed some malware or viruses?"
These are questions that, in one form or another, we come across every so often in forums.
We know that you take your digital safety very seriously, and the good digital practices you follow prevent you from encountering this kind of situation.
But everyone can have a bad day or be in a hurry, become distracted, and take a step that will be regretted.
In this post, we will review the steps you should take if you ever make a similar cybersecurity mistake:
- How to use Hybrid Analysis to analyze a suspicious file
- How to use VirusTotal to analyze a suspicious file
- How to use File Scan to analyze a suspicious file
- If no malware or virus was installed, what was the hacker after?
- What to do if you suspect you have installed malware on your device.
Be warned: Curiosity killed the cat.
Before moving ahead, please be careful if you decide to do a phishing email investigation yourself.
Many emails contain invisible tracking pixels: tiny remote images that, when your mail client loads them, tell the sender that the message was opened, when, and from which IP address and client.
While many legitimate companies use tracking pixels in their communications, they do not use the collected information for malicious purposes. How this practice invades your privacy may be debatable, though.
But be aware that phishing emails frequently contain tracking pixels too, and the information they collect (chiefly that your address is live and that you open what you are sent) is used to target you with further phishing attacks. Simply re-opening the email in a client that loads remote images is enough to fire the pixel.
Additionally, some emails carry attachments or links whose payload can steal session cookies and take over your logged-in accounts. One small mistake made out of curiosity can put you at risk, so investigate from a machine or account you can afford to lose, or use the online services below rather than opening the file again.
How to use Hybrid Analysis to analyze a suspicious file
'This is a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology.'
If you have a suspicious file that you want to analyze, you upload it, and Hybrid Analysis will run it in a sandbox and report what it did. Bear in mind that public submissions are visible to the community, so do not upload a document that contains confidential data; submit its hash instead, or mark the submission private if your account allows it.
This is a 5-minute power-up, so we will not do a detailed Hybrid Analysis review. But if you want to learn more, please review the Hybrid Analysis FAQ webpage.
We have uploaded our PDF for analysis, and it seems it is deemed safe: CrowdStrike Falcon clean, MetaDefender clean, and VirusTotal clean. A clean verdict means no engine matched a signature and nothing malicious was observed during the sandbox run; it does not mean the file is harmless, because a phishing PDF whose only payload is a link to a credential-harvesting page will often score clean.
More on that in the section 'If no malware or virus was installed, what was the hacker after?'.
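Before uploading anything, it is worth knowing what a PDF contains, because the suspicious parts (an auto-run action, embedded JavaScript, a launch command, or simply a link) are plain-text names inside the file. The following script is an added example, not code from the original post or from Hybrid Analysis; it does the same kind of keyword triage that pdfid-style tools do. The PDF bytes are constructed for the example, and the URL in it is a made-up placeholder.

```python
import re
from collections import Counter

# PDF names whose presence warrants a closer look. /OpenAction and /AA run
# something automatically, /JavaScript and /Launch execute code, /URI is what
# a phishing PDF uses to send you to a fake login page, /ObjStm hides objects
# (and their keywords) inside compressed streams.
RISKY_NAMES = (
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/URI", b"/AcroForm", b"/ObjStm",
)

# Constructed sample: one page, an auto-run action that opens an external
# URL, and a hex-escaped name (/Java#53cript) of the kind used to hide
# keywords from naive scanners. Not a real malicious document.
SAMPLE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
4 0 obj << /S /URI /URI (http://invoice-example.invalid/login) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A 4 0 R >> endobj
6 0 obj << /S /Java#53cript /JS (app.alert(1)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(data: bytes) -> bytes:
    """Decode #xx escapes so /Java#53cript is counted as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Count risky names, objects and link targets in raw PDF bytes."""
    text = normalise_names(data)
    counts = Counter()
    for name in RISKY_NAMES:
        # A name ends at whitespace or a delimiter, so /JS must not match /JSX.
        pattern = re.escape(name) + rb"(?![A-Za-z0-9])"
        counts[name.decode()] = len(re.findall(pattern, text))
    objects = len(re.findall(rb"\d+\s+\d+\s+obj\b", text))
    uris = [u.decode("latin-1") for u in re.findall(rb"/URI\s*\((.*?)\)", text)]
    return {
        "is_pdf": data.startswith(b"%PDF"),
        "objects": objects,
        "keywords": counts,
        "uris": uris,
    }


def findings(report: dict) -> list:
    """Turn the counts into human-readable reasons for concern."""
    kw = report["keywords"]
    out = []
    if kw["/OpenAction"] or kw["/AA"]:
        out.append("automatic action runs when the document opens")
    if kw["/JavaScript"] or kw["/JS"]:
        out.append("embedded JavaScript")
    if kw["/Launch"]:
        out.append("launch action (can start a program)")
    if kw["/EmbeddedFile"]:
        out.append("embedded file attachment")
    if kw["/ObjStm"]:
        out.append("object streams present; keyword counts may be incomplete")
    for u in report["uris"]:
        out.append("link target: " + u)
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    rep = triage_pdf(data)
    print(rep["objects"], "objects;", dict(rep["keywords"]))
    for line in findings(rep):
        print(" -", line)
```

Run it against the attachment (`python triage.py invoice.pdf`) on an isolated machine. The script only reads bytes and never renders the document, so nothing inside the PDF executes. If /ObjStm shows up, the counts are a lower bound and a sandbox run is the next step.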
How to use VirusTotal to inspect a suspicious file
'Analyse suspicious files, domains, IPs, and URLs to detect malware and other breaches, automatically share them with the security community.'
If you have a suspicious file that you want to analyze, you upload it, and VirusTotal will scan it with dozens of antivirus engines and run it in sandboxes. As with Hybrid Analysis, anything you upload is shared with the security community and VirusTotal's partners, so for a document that may hold personal or company data, search for its SHA-256 hash first; if the hash is already known, you get the report without uploading anything.
This is a 5-minute power-up, so we will not do a detailed VirusTotal review. But if you want to learn more, please review the VirusTotal How It Works webpage.
Once again, we have uploaded our suspicious file, which has been deemed safe: 'No security vendors and 1 sandbox flagged this file as malicious.' Note that this sentence says one sandbox did flag it: the engines matched no signature, but a sandbox saw behaviour it did not like, so read the Behavior tab before treating a file as clean.
Still, for contrast, see below the assessment of a malicious 'optimizer.exe' file and how '6 security vendors and 1 sandbox flagged this file as malicious.'
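The hash-first lookup described above can be scripted against the VirusTotal v3 API. This is an added example, not code from the original post or from VirusTotal: it hashes the file locally, asks `GET /api/v3/files/{sha256}` with the key in the `x-apikey` header, and summarises `last_analysis_stats` and `sandbox_verdicts` from the response. The API key is read from the `VT_API_KEY` environment variable (an assumption of this script), and the JSON report used in the offline demo is constructed to mirror the '6 security vendors and 1 sandbox' case quoted above.

```python
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"


def sha256_of(data: bytes) -> str:
    """SHA-256 hex digest, the identifier VirusTotal keys file reports on."""
    return hashlib.sha256(data).hexdigest()


def build_lookup_request(sha256: str, api_key: str) -> urllib.request.Request:
    """GET by hash: nothing is uploaded, so the document never leaves the machine."""
    return urllib.request.Request(
        VT_FILES_URL + sha256,
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


def lookup(data: bytes, api_key: str):
    """Return the VirusTotal file object, or None if the hash is unknown (HTTP 404)."""
    req = build_lookup_request(sha256_of(data), api_key)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None  # not seen before: decide whether an upload is acceptable
        raise


def summarise_report(report: dict) -> dict:
    """Reduce a v3 file object to the numbers the web UI headline shows."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Engines that actually produced a verdict; timeouts and unsupported
    # file types are excluded so the denominator matches the UI's count.
    engines = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    sandboxes = attrs.get("sandbox_verdicts", {})
    sandboxes_flagged = sum(
        1 for v in sandboxes.values() if v.get("category") == "malicious"
    )
    return {
        "flagged": flagged,
        "engines": engines,
        "sandboxes_flagged": sandboxes_flagged,
        # Clean on both counts is a "nothing found", not a proof of safety.
        "suspicious": flagged > 0 or sandboxes_flagged > 0,
    }


# Constructed report in the shape of a v3 file object; values chosen to match
# the optimizer.exe verdict quoted in the post. Not a real VirusTotal response.
SAMPLE_REPORT = {
    "data": {
        "attributes": {
            "last_analysis_stats": {
                "malicious": 6, "suspicious": 0, "undetected": 58,
                "harmless": 0, "timeout": 1, "type-unsupported": 5,
            },
            "sandbox_verdicts": {
                "ExampleSandbox": {"category": "malicious",
                                   "sandbox_name": "ExampleSandbox"},
            },
        }
    }
}


if __name__ == "__main__":
    import sys
    key = os.environ.get("VT_API_KEY")
    if len(sys.argv) > 1 and key:
        data = open(sys.argv[1], "rb").read()
        print("sha256:", sha256_of(data))
        report = lookup(data, key)
        print("unknown to VirusTotal" if report is None else summarise_report(report))
    else:
        print("offline demo:", summarise_report(SAMPLE_REPORT))
```

Usage: `VT_API_KEY=... python vt_lookup.py invoice.pdf`. A `None` result means VirusTotal has never seen the file; that is itself informative for a supposedly mass-mailed invoice, and it is the point at which you decide whether uploading (and thereby publishing) the document is acceptable.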
How to use File Scan to inspect a suspicious file