Malicious PDF — malware analysis report

Static analysis result for SHA-256 9afed1449a178d5a…

MALICIOUS

PDF

1.0 KB
MD5: 30346f9a34bc3fabffa8ba41435ad397
SHA-1: 2684eb286a649312fe98d48dd651623692e04ffb
SHA-256: 9afed1449a178d5afc73a56814efaebdeb601041fa34aad2901a124719736d43

Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File: User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that attempts to execute cmd.exe. This is a common technique for delivering secondary payloads or executing malicious commands. The document body text also indicates an attempt to open the command prompt.

Heuristics (2)

  • Launch action [critical] [PDF_LAUNCH]
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe [critical] [PDF_LAUNCH_COMMAND]
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).