Malicious PDF — malware analysis report

Static analysis result for SHA-256 ee82a968fa726346…

Verdict: MALICIOUS
File type: PDF
Size: 742 B
MD5: ca4d4e53e7b816bea96ccd29f40ac8ae
SHA-1: 58c991ac120b8788354004b231919d799429375c
SHA-256: ee82a968fa72634626a29c158701d37d119b05227fe8de0d9687d6b7d1f018c5
Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a /Launch action whose target is cmd.exe, so opening the document in a reader that honours /Launch would hand the attacker a Windows command shell on the victim's system. The report does not identify the specific PDF exploit or reader weakness being relied on, but a /Launch action that directly invokes cmd.exe is a high-confidence indicator of malicious intent regardless of the delivery detail.

Heuristics (2)

  • PDF_LAUNCH_COMMAND (critical): /Launch action target is "cmd.exe"
    The PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).
  • PDF_LAUNCH (high): Launch action present
    The PDF contains a /Launch action with an unresolved or extension-less target; treat it as potentially dangerous.