Malicious PDF — malware analysis report

Static analysis result for SHA-256 51547b383211f57f…

Verdict: MALICIOUS
File type: PDF
Size: 1.1 KB
MD5: 0bcd884ad4f34c331f266c88294da5cd
SHA-1: 261e83a91b4cf6fb4b1675562fbac69a92e2e282
SHA-256: 51547b383211f57f331ce53df1dfddcc1d7cc94a2b70684d77b74fbd9b7b5874
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File: User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that directly executes cmd.exe. This is a common technique for initiating further malicious activity, such as downloading and executing additional payloads or establishing persistence. The document body contains garbled text, but the critical heuristic clearly indicates the intent to launch a command shell.

Heuristics (2)

  • Launch action [critical] PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path, which can start an external application.
  • /Launch action target: cmd.exe [critical] PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).