Malicious PDF — malware analysis report

Static analysis result for SHA-256 dffc0676916b85ea…

Verdict: MALICIOUS
File type: PDF
File size: 690 B
MD5: 5a1039f65da178c2cb07bd5e9f4304dd
SHA-1: 77055b539954f62c98d2e96ff82989d398f9963a
SHA-256: dffc0676916b85ea8e3f28734e43e90dcb7af8c6efc1a5f1a285a5044d8952e6
Risk Score: 160

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File
  • T1059.003 Windows Command Shell

The PDF file contains an /OpenAction trigger and a /Launch action, indicating it is designed to execute external code when the document is opened. ClamAV also flagged it as obfuscated malware. The presence of the string 'cmd.exe' in the document body suggests an attempt to execute the Windows command shell, likely to download and run a secondary payload.

Heuristics (3)

  • Launch action (critical, PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path; it can start an external application.
  • ClamAV: Heuristics.PDF.ObfuscatedNameObject (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Heuristics.PDF.ObfuscatedNameObject
  • OpenAction trigger (high, PDF_OPENACTION)
    PDF has an /OpenAction that launches, submits, or opens an external target.