Malicious PDF — malware analysis report

Static analysis result for SHA-256 58efcd3c30d17bbe…

MALICIOUS

PDF

473 B
MD5: b071e65df3f6d32a2acae5131a625f7b SHA-1: 294672cb6585ea31a054de8320b1602be87da631 SHA-256: 58efcd3c30d17bbe18d233b5d7dd4e281816b8706500f0cde0483a672ec9fe85
160 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File T1059.003 Windows Command Shell

The PDF file contains a malicious OpenAction that triggers a launch action. This action is configured to execute cmd.exe, as indicated by the PDF_LAUNCH_COMMAND heuristic. The document body further reinforces this by presenting a prompt to the user to click 'Open' to access 'Confidential Data', suggesting a social engineering lure to bypass user caution and execute the command.

Heuristics 3

  • Launch action critical PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe critical PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
  • OpenAction trigger high PDF_OPENACTION
    PDF has an /OpenAction that launches, submits, or opens an external target

Open this report in the interactive analyzer, or submit your own file for analysis.