Malicious PDF — malware analysis report

Static analysis result for SHA-256 d9560242e2607051…

Verdict: MALICIOUS
File type: PDF
File size: 1.0 KB
MD5: bbd2df8667299ace15846b42b29fbdc0
SHA-1: 33b891e70491f35cf7463ec5e72466d664651b39
SHA-256: d9560242e2607051c6fb7e2e25e29dadeb341d2ff9e061e885757734a0f97c40
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.003 Windows Command Shell

The PDF file contains a launch action that attempts to execute a file named 'line1 cmdd1234567890a1234567890b1234567890c1234567890d1234567890f.exe'. This executable is likely a second-stage payload. The document body contains the same filename, reinforcing the intent to trick the user into executing it.

Heuristics (2)

  • Launch action [severity: critical] [rule: PDF_LAUNCH]
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: line1 cmdd1234567890a1234567890b1234567890c1234567890d1234567890f.exe [severity: high] [rule: PDF_LAUNCH_COMMAND]
    PDF /Launch action specifies an executable target.