MALICIOUS
200
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1059.003 Windows Command Shell
The PDF file is malformed and contains an OpenAction trigger that executes a launch action. This launch action targets cmd.exe, indicating an attempt to execute arbitrary commands. The malformed nature of the PDF suggests it is designed to exploit a vulnerability rather than present benign content. The primary goal appears to be the execution of a secondary payload via cmd.exe.
Heuristics 4
-
Launch action critical PDF_LAUNCHPDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
-
/Launch action target: cmd.exe critical PDF_LAUNCH_COMMANDPDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
-
Malformed PDF header with no object graph high PDF_MALFORMED_NO_OBJECT_GRAPHFile starts with a PDF header but contains no indirect objects, xref table/stream, or startxref pointer. This is not a normal renderable PDF and can indicate parser fuzzing, evasion, or a corrupt exploit test case rather than benign content.
-
OpenAction trigger high PDF_OPENACTIONPDF has an /OpenAction that launches, submits, or opens an external target
Open this report in the interactive analyzer, or submit your own file for analysis.