Malicious PDF — malware analysis report

Static analysis result for SHA-256 e241379ed8a1a729…

MALICIOUS

PDF

1.1 KB
MD5: 15784387967c6b6d70ffc7b93f704243
SHA-1: c457c848a156adf1d4913985518552498cbcd630
SHA-256: e241379ed8a1a729c7411c6e293fe23806029ec8cf9c152b8317afa2e05a4ab5
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that directly executes cmd.exe. This is a common technique for initiating further malicious activity, such as downloading and executing a second-stage payload. The document body text is benign and does not provide additional context.

Heuristics 2

  • Launch action (severity: critical, rule: PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path — can start an external application
  • /Launch action target: cmd.exe (severity: critical, rule: PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).