Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3b97a4024412403…

Verdict: MALICIOUS
File type: PDF
Size: 2.7 KB
Risk score: 80

MD5: 6790b6f6230768b8adac5544c4fc741b
SHA-1: d554deb33ab49a685f6977fef970b5a29c076910
SHA-256: e3b97a402441240395f0019b1a24628b1082357591cae3d0e2d3f4f26bf9b296

Malware Insights

MITRE ATT&CK
  • T1204 Malicious Link
  • T1204.002 Malicious Link: Malicious File

The PDF file contains embedded launch actions that trigger the execution of the calculator application (calc.exe on Windows, Calculator.app on Mac, or xcalc on Linux). The document body explicitly details how different PDF viewers might handle this, ranging from immediate execution to user prompts. This indicates a social engineering attempt to bypass user caution by launching a seemingly harmless application, potentially as a precursor to more malicious activity.

Heuristics (2)

  • OpenAction trigger (severity: high, rule: PDF_OPENACTION)
    PDF has an /OpenAction that launches, submits, or opens an external target
  • Launch action (severity: high, rule: PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous