Here is the question.
A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would MOST likely indicate if the email is malicious?
A. sha256sum ~/Desktop/file.pdf
B. file ~/Desktop/file.pdf
C. strings ~/Desktop/file.pdf | grep "<script"
D. cat < ~/Desktop/file.pdf | grep -i .exe
I’m pretty sure the answer is A but I would like to be able to provide context as to why A is correct and why the other choices are wrong. Would someone be willing to help me out here? Thanks!