Malicious PDF — malware analysis report

Static analysis result for SHA-256 f1b76a9ca3fe0927…

MALICIOUS

PDF

713 B
MD5: 2ba8d303ac8e282e79a432715d0e1d18
SHA-1: edf795defcdf9e3b9e28948c9237fc320f45cc2c
SHA-256: f1b76a9ca3fe0927677509b69e4ddc0ea9c3b4e65c79b7128b66ef65726a6e3c

Risk Score: 100

Malware Insights

MITRE ATT&CK
  • T1204.002 Malicious File: User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF file contains a launch action that directly executes 'cmd.exe'. This indicates an attempt to run arbitrary commands on the user's system, likely to download and execute a secondary payload or perform other malicious actions. The confidence is high due to the direct execution of the command interpreter.

Heuristics 2

  • /Launch action target: "cmd.exe" (critical, PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target — references a known-dangerous executable (cmd, PowerShell, etc.).
  • Launch action (high, PDF_LAUNCH)
    PDF contains a /Launch action with an unresolved or extension-less target — treat as potentially dangerous.