Malicious PDF — malware analysis report

Static analysis result for SHA-256 92ba8c437f6919df…

MALICIOUS

PDF

718 B
MD5: cd3228460cecd4f3a417708b2c8ca802
SHA-1: 613b139de60f32da97183903e2947351a1aec7eb
SHA-256: 92ba8c437f6919dfdbce5b3ce99b30d542ea19bef8e328915fbe37ad2e7c07a8
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File: User Execution: Malicious PDF
T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that directly executes cmd.exe. This indicates an attempt to bypass user interaction and directly run a command-line interpreter, likely to download and execute a secondary payload or perform further malicious actions. The confidence is high due to the direct execution of cmd.exe.

Heuristics (2)

  • /Launch action target: "cmd.exe" (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action (high, PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous.