Malicious PDF — malware analysis report

Static analysis result for SHA-256 4bd549120de3bfb2…

MALICIOUS

PDF

1.4 KB
MD5: d29e4181d1dbdcdc56b16019df523821
SHA-1: ea85cf71364ee20c376104be5713f88b8d3035fe
SHA-256: 4bd549120de3bfb23f300b0f1e1611cb9a5ef23c2ca82d077be7c07aa591d79e
120 Risk Score

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File Execution: User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that directly executes cmd.exe. This is a common technique for initiating further malicious activity, such as downloading and executing a second-stage payload. The document body text does not provide additional context beyond confirming the presence of cmd.exe.

Heuristics 2

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).