Malicious PDF — malware analysis report

Static analysis result for SHA-256 a681f43cffe582fe…

MALICIOUS

PDF

489 B
MD5: 6614e2dd0cc5d59321f27c7af7940ea1 SHA-1: c64e3a16e346e25b1b85d7dd4c790c9df3c5ef1e SHA-256: a681f43cffe582fe81d0ff1ff0b93b6d609f21cbaee74cf07921a9e8d868a47a
80 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF file contains a launch action that attempts to execute calc.exe. This is a common technique used to bypass security controls and download or execute a second-stage payload. The confidence is high due to the direct execution attempt.

Heuristics 2

  • Launch action high PDF_LAUNCH
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous
  • /Launch action target: "calc.exe" high PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target.

Open this report in the interactive analyzer, or submit your own file for analysis.