Malicious PDF — malware analysis report

Static analysis result for SHA-256 b77172f163e75e5a…

Verdict: MALICIOUS
File type: PDF
Size: 1009 B
MD5: a3a696d20ab3b4f56c96c1e1f20ce4f8
SHA-1: d9f44d70662c7caa24792922c21238d69271705c
SHA-256: b77172f163e75e5a1939312f935545a2d911875e342237b3be10e67f858d2fde
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a /Launch action that executes cmd.exe, as flagged by the PDF_LAUNCH and PDF_LAUNCH_COMMAND heuristics. The document body text, although nonsensical, also includes the string 'cmd.exe', reinforcing the intent to launch a command. This indicates an attempt to bypass security controls by having the PDF reader directly execute a system command when the document is opened.

Heuristics (2)

  • Launch action [critical] PDF_LAUNCH
    PDF contains a /Launch action whose target is an executable, URL, or UNC path; such an action can start an external application.
  • /Launch action target: cmd.exe [critical] PDF_LAUNCH_COMMAND
    PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).