Malicious PDF — malware analysis report

Static analysis result for SHA-256 408f47632b03c990…

MALICIOUS

PDF

89 B
MD5: 06a5c2a9d625c9d80879f414cbdacd66
SHA-1: 7a16454f91a0846ddca34fe0ae1bcbda733c834b
SHA-256: 408f47632b03c9902acd2f97f03d482dcb4cd9e052b70cd3f261cda540751574
140 Risk Score

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File: User Execution: Malicious File
  • T1566.002 Phishing: Spearphishing Attachment

The PDF contains an OpenAction trigger and a Launch action that directs the user to open the external URL www.google.com. This is a common technique for delivering malicious content or redirecting users to phishing sites. The file is small and lacks a document body, suggesting it's a simple dropper or redirector.

Heuristics 3

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • OpenAction trigger high PDF_OPENACTION
    PDF has an /OpenAction that launches, submits, or opens an external target
  • /Launch action target: www.google.com high PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target.