Malicious PDF — malware analysis report

Static analysis result for SHA-256 b8a10491b187fe3a…

MALICIOUS

PDF

48.0 KB
MD5: 01d2245a433cbaa1aa496f994fc144bb
SHA-1: 6d8dcadac3305a4b848d8e823f6beede63bbec4a
SHA-256: b8a10491b187fe3af78884d918ed4b7e205be2ea3f2537baef41edcbc5b7a1e3
Risk Score: 118

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1204.002 Malicious File

This PDF file was flagged as malicious by multiple engines, including a high-confidence ML classifier and ClamAV, which identified it as Pdf.Exploit.Agent-36110. The presence of JavaScript actions and the use of ASCIIHexDecode filters with exploit indicators suggest it is designed to leverage PDF vulnerabilities to execute malicious code. The primary attack vector appears to be exploiting PDF reader weaknesses to achieve arbitrary code execution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics 3

  • ClamAV: Pdf.Exploit.Agent-36110 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Exploit.Agent-36110
  • ASCIIHexDecode filter with exploit indicators (severity: medium, rule: PDF_FILTER_HEX)
    Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.