Malicious PDF — malware analysis report

Static analysis result for SHA-256 cf82352c4c19437c…

Verdict: MALICIOUS
File type: PDF
Size: 1.1 KB
MD5: bab48ea3f2a2e19dbe75f2ee4961fcea
SHA-1: b1b438ba572b917a33e886908ecc2822ffa9fb92
SHA-256: cf82352c4c19437cf89ccfe69c74e4487d9847f139cb124321c04d9d6f9caead
Risk score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a /Launch action that directly executes cmd.exe. This is a common technique for initiating further malicious activity, such as downloading and executing additional payloads or establishing persistence. The document body contains garbled text, but the critical heuristic firings clearly indicate malicious intent.

Heuristics (2)

  • Launch action [critical, PDF_LAUNCH]
    The PDF contains a /Launch action whose target is an executable, URL, or UNC path; such an action can start an external application.
  • /Launch action target: cmd.exe [critical, PDF_LAUNCH_COMMAND]
    The PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).