Malicious PDF — malware analysis report

Static analysis result for SHA-256 dc5d721ca590b037…

MALICIOUS

PDF

989 B
MD5: 767ad255c9b58432e5241f0f10430bcd
SHA-1: 6e6076657bf09bd456f853c8df484d96231f412c
SHA-256: dc5d721ca590b037692b21a0e8f51f29457373ab072e6d9eff7d0143dfb86cd0
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.003 Windows Command Shell

The PDF file contains a launch action that directly executes cmd.exe. This is a common technique for initiating further malicious activity, such as downloading and executing additional payloads or establishing persistence. The document body text is minimal and does not provide further context beyond the presence of 'cmd.exe'.

Heuristics (2)

  • Launch action (critical, PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).