Malicious PDF — malware analysis report

Static analysis result for SHA-256 b4a981afb320b093…

Verdict: MALICIOUS
File type: PDF
Size: 438.8 KB
First seen: 2026-06-14
MD5: a78346f68cd56d5fd7ea3764759ac0bf
SHA-1: 525997e439b1682278b1712105b748d872f20f80
SHA-256: b4a981afb320b093f8fcf42810b0a85f9b8be83f0b7f48ec6cf1f29856b33142
Risk Score: 190

Machine Learning

  • Nyx PDF Classifier: malicious score 0.9986

Heuristics (3)

  • Launch action [critical] (PDF_LAUNCH)
    PDF contains a /Launch action whose target is an executable, URL, or UNC path, which can start an external application.
  • /Launch action target: powershell.exe [critical] (PDF_LAUNCH_COMMAND)
    PDF /Launch action specifies an executable target that references a known-dangerous executable (cmd, PowerShell, etc.).
  • Embedded script payload in PDF stream [high] (PDF_EMBEDDED_SCRIPT_PAYLOAD)
    PDF stream bytes contain script execution markers such as ActiveXObject/CreateObject, WScript.Shell, PowerShell, or shell-exec primitives. This is stronger than ordinary PDF JavaScript because it indicates a staged external script payload hidden in stream bytes.