Malicious PDF — malware analysis report

Static analysis result for SHA-256 f160cc66eb707345…

MALICIOUS

PDF

1.3 KB
MD5: 12cd465c7a3b6365e99e9674f65c27d2
SHA-1: 9b3d5c230d16fa84a418d00a4bc4278f55b411be
SHA-256: f160cc66eb7073451642204b64242cf395f13580284cd843118a1bd7e1d98062
Risk Score: 120

Malware Insights

MITRE ATT&CK
T1204.002 User Execution: Malicious File; T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF carries a /Launch action whose target is cmd.exe, which is what the PDF_LAUNCH and PDF_LAUNCH_COMMAND heuristics fire on. A /Launch action does not run silently: current readers such as Adobe Reader show a confirmation dialog before starting the target, so the attacker needs the victim to approve it. The document body text does exactly that work, instructing the user to 'click to decrypt ... cmd.exe open' so that the launch prompt looks like an expected step. This is a social engineering attempt to get the user to start a command interpreter; given the file is only 1.3 KB, the cmd.exe invocation is most likely a stager whose command line downloads or decodes a second-stage payload. Note that this report lists only the launch target, not the /P parameter string; extracting that command line is the first thing to do during triage, since it is what cmd.exe will actually execute.
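As an added illustration of what the PDF_LAUNCH and PDF_LAUNCH_COMMAND heuristics look for (example code written for this page, not the scanner's own implementation), the following Python scans a PDF for /Launch action dictionaries, pulls out the /F target and /P parameter string, and flags known-dangerous interpreters. It goes a little beyond this sample: it also decodes #xx-escaped name objects and inflates FlateDecode streams, two common ways a launch action is hidden from naive string scans. The two PDFs it runs on are constructed in memory and are not the analysed file; the function names and the list of dangerous executables are this example's own choices.

```python
"""Detect PDF /Launch actions and flag known-dangerous executable targets.

Illustrative code for the PDF_LAUNCH / PDF_LAUNCH_COMMAND heuristics; not the
scanner's implementation. The PDFs built in build_samples() are constructed
here, not the analysed sample.
"""
import re
import zlib

# Executable stems (without .exe) that a /Launch action should never target.
DANGEROUS_STEMS = {
    "cmd", "powershell", "pwsh", "wscript", "cscript", "mshta",
    "rundll32", "regsvr32", "certutil", "bitsadmin",
}

OBJ_RE = re.compile(rb"\b\d+\s+\d+\s+obj\b(.*?)\bendobj\b", re.S)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)endstream", re.S)
LAUNCH_RE = re.compile(rb"/S\s*/Launch(?![A-Za-z0-9])")


def normalise_names(data: bytes) -> bytes:
    """Decode #xx escapes in name objects so /L#61unch becomes /Launch.
    Crude whole-buffer pass: it also touches '#xx' inside string literals."""
    def fix(m):
        return b"/" + re.sub(rb"#([0-9A-Fa-f]{2})",
                             lambda h: bytes([int(h.group(1), 16)]), m.group(1))
    return re.sub(rb"/([A-Za-z0-9#._-]+)", fix, data)


def inflate_streams(data: bytes):
    """Yield the content of every stream that inflates as zlib (FlateDecode).
    Object streams (/ObjStm) hide whole action dictionaries in here."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded, or damaged: skip it


def first_string(window: bytes, key: bytes):
    """Return the first /key value written as a literal (...) or hex <...> string."""
    pat = rb"/" + key + rb"(?![A-Za-z0-9])\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)"
    m = re.search(pat, window, re.S)
    if not m:
        return None
    if m.group(1) is not None:
        return re.sub(rb"\\(.)", lambda e: e.group(1), m.group(1))  # undo \( \) \\
    return bytes.fromhex(re.sub(rb"\s", b"", m.group(2)).decode("ascii"))


def classify(target: bytes) -> str:
    """PDF_LAUNCH_COMMAND when the target's basename is a known interpreter/LOLBin."""
    name = target.decode("latin-1").strip().lower().replace("\\", "/").rsplit("/", 1)[-1]
    stem = name[:-4] if name.endswith(".exe") else name
    return "PDF_LAUNCH_COMMAND" if stem in DANGEROUS_STEMS else "PDF_LAUNCH"


def find_launch_actions(pdf: bytes):
    """Scan raw objects and inflated streams; one finding per /Launch action."""
    findings = []
    for blob in (pdf, *inflate_streams(pdf)):
        blob = normalise_names(blob)
        # Inside an inflated object stream there are no obj/endobj markers,
        # so fall back to treating the whole blob as one unit.
        units = [m.group(1) for m in OBJ_RE.finditer(blob)] or [blob]
        for unit in units:
            if not LAUNCH_RE.search(unit):
                continue
            target = first_string(unit, b"F")
            findings.append({
                "target": target,
                "params": first_string(unit, b"P"),
                "heuristic": classify(target) if target else "PDF_LAUNCH",
            })
    return findings


def build_samples():
    """Two constructed PDFs: a plain /Launch of cmd.exe with a /P command line,
    and one hiding the action behind a #-escaped name in a Flate object stream."""
    plain = (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"3 0 obj << /Type /Action /S /Launch\n"
        b"   /Win << /F (cmd.exe) /P (/c echo constructed sample) >> >> endobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )
    inner = b"4 0 << /Type /Action /S /L#61unch /F (C:\\\\Windows\\\\System32\\\\cmd.exe) >>"
    packed = zlib.compress(inner)
    hidden = (
        b"%PDF-1.5\n"
        b"1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj\n"
        b"5 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length "
        + str(len(packed)).encode() + b" >>\nstream\n" + packed + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )
    return plain, hidden


if __name__ == "__main__":
    for label, sample in zip(("plain", "hidden"), build_samples()):
        for f in find_launch_actions(sample):
            print(label, f["heuristic"], f["target"], f["params"])
```

Both constructed samples produce a PDF_LAUNCH_COMMAND finding; only the first yields a /P command line, which is the field worth pulling into the report. The regex approach is deliberate for triage tooling (it survives malformed xref tables that break full parsers), but it is not a parser: nested parentheses in strings, other stream filters, and encrypted documents all need a real PDF library.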

Heuristics (2)

  • PDF_LAUNCH (critical): Launch action
    The PDF contains a /Launch action whose target is an executable, URL or UNC path; it can start an external application.
  • PDF_LAUNCH_COMMAND (critical): /Launch action target is cmd.exe
    The /Launch action specifies an executable target, and that target is a known-dangerous interpreter (cmd, PowerShell, etc.).