Malicious PDF — malware analysis report

Static analysis result for SHA-256 f3696ab7a438b5a3…

Verdict: MALICIOUS
File type: PDF
File size: 303 B
MD5: 3d26937cc0696a3b339fbbdf67c73b1b
SHA-1: e932b5d07619ecd7c148c44e70a90398825dc73c
SHA-256: f3696ab7a438b5a33fa1b99e510166b151f4f4ea76349675be799856ea5f84e4
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1204.002 User Execution: Malicious File
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell

The PDF contains a /Launch action that directly executes cmd.exe. This is a common technique for initiating further malicious activity, such as downloading and executing a second-stage payload. Direct execution of cmd.exe from a PDF is a critical indicator of malicious intent.

Heuristics (2)

  • Launch action (severity: critical, rule: PDF_LAUNCH)
    The PDF contains a /Launch action whose target is an executable, URL, or UNC path; such an action can start an external application.
  • /Launch action target: cmd.exe (severity: critical, rule: PDF_LAUNCH_COMMAND)
    The PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).