PDF malware analysis — malicious · 548a8195125cd61d

MALICIOUS

PDF

2.3 KB

MD5: aadfabc65b031813967bbebc0a77e08d SHA-1: 62fcaba7d9f654787f53498ecef116fa43659cf9 SHA-256: 548a8195125cd61de00f11f867d3d74ea704f8c06e16657a79e4482a62e14f64

200 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File T1059.003 Windows Command Shell

This PDF file is malformed and contains a launch action that executes cmd.exe. The script content indicates the use of Scripting.FileSystemObject and WScript.Shell to potentially download and execute a file named 'helpme.exe'. This suggests the PDF is a dropper designed to initiate a malicious chain of execution.

Heuristics 4

Launch action critical PDF_LAUNCH

PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
/Launch action target: cmd.exe critical PDF_LAUNCH_COMMAND

PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
Malformed PDF header with no object graph high PDF_MALFORMED_NO_OBJECT_GRAPH

File starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
OpenAction trigger high PDF_OPENACTION

PDF has an /OpenAction that launches, submits, or opens an external target

Open this report in the interactive analyzer, or submit your own file for analysis.