Malicious PDF — malware analysis report

Static analysis result for SHA-256 a9dbbb2364137b26…

MALICIOUS

PDF

505 B
MD5: cdacdea969925b3bcf0868fa5ac81989
SHA-1: 07531f28c5c60da9f6f8cf77edd9325d1fe13f87
SHA-256: a9dbbb2364137b26f68e4d2989d13054dc76907e7c71a84aa86b46f6127798da
Risk Score: 100

Malware Insights

MITRE ATT&CK
T1059.003 Windows Command Shell

The PDF file contains a launch action that executes 'cmd.exe /q/c calc.exe'. This indicates an attempt to run the calculator application, likely as a proof-of-concept or a preliminary step in a more complex attack chain. No other malicious indicators were found.

Heuristics (2)

  • /Launch action target: "cmd.exe" (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target with parameters '/q/c calc.exe' — references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action (high, PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous