PDF malware analysis — malicious · f2e8bb6126aa0ea6

MALICIOUS

PDF

1.3 KB

MD5: 2029d52c1011666383a728c46a877713 SHA-1: d67a0fdba5e6a41f6722d88a9ad9b9dec4855c0f SHA-256: f2e8bb6126aa0ea6cb2f5fce9a9a6791c2041694e5320c42c70a3b1d31d479f6

96 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File: Malicious File

The PDF file contains embedded JavaScript and uses an ASCIIHexDecode filter, indicating an attempt to exploit a vulnerability. ClamAV detection as Pdf.Exploit.Agent-20193 further confirms its malicious nature. The primary attack vector appears to be leveraging a PDF vulnerability to trigger script execution.

Heuristics 4

ClamAV: Pdf.Exploit.Agent-20193 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Exploit.Agent-20193
ASCIIHexDecode filter (with exploit indicators) medium PDF_FILTER_HEX

Hex-encoding filter present alongside exploit delivery indicators — often used to hide payload or shellcode bytes
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Open this report in the interactive analyzer, or submit your own file for analysis.