PDF malware analysis — malicious · 254bb9788b596808

MALICIOUS

PDF

1.1 KB

MD5: 8e496575cb343633b5d9caafd6c7e771 SHA-1: c66e68bcc60edc0c4207f30f7a1edb56e49cc6a9 SHA-256: 254bb9788b596808cb32b4e1dc9a4a390a1bd4d4af6b0d0ac3a8932ac9d51f95

104 Risk Score

Malware Insights

MITRE ATT&CK

T1204 Malicious Link T1059.001 PowerShell

The critical ClamAV heuristic indicates this PDF is malicious, specifically identified as Pdf.Exploit.Agent-36178. The presence of PDF-specific heuristics like ASCIIHexDecode and ASCII85Decode filters, along with JavaScript actions, strongly suggests an exploit is embedded within the PDF structure. These filters are often used to obfuscate malicious code, which likely aims to execute arbitrary commands upon opening the document.

Heuristics 5

ClamAV: Pdf.Exploit.Agent-36178 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-36178
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
ASCII85Decode filter (with exploit indicators) low PDF_FILTER_85

ASCII85 encoding filter present alongside exploit delivery indicators — uncommon outside of obfuscation

Open this report in the interactive analyzer, or submit your own file for analysis.