Win.Trojan.Agent-36281 — PDF malware analysis

Static analysis result for SHA-256 2c5b9aa97b5577bd…

MALICIOUS

PDF

12.4 KB
MD5: b1d69eaf942eb86be7cdd2d6c1921c17
SHA-1: 4993c34e0592e4e10244db7bf1faa70c652a3a47
SHA-256: 2c5b9aa97b5577bd910992d095da7b59e8d28dc38dc0e61a3ab9d8beeb063429
Risk Score: 106

Malware Insights

Win.Trojan.Agent-36281 · confidence 95%

MITRE ATT&CK
T1059 Command and Scripting Interpreter

The PDF file was flagged as malicious by a machine learning classifier and ClamAV, which identified it as Win.Trojan.Agent-36281. It contains embedded JavaScript, indicating an attempt to execute malicious code. The primary attack vector appears to be the embedded JavaScript, likely used to exploit PDF vulnerabilities or download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Win.Trojan.Agent-36281 [critical] [CLAMAV_DETECTION]
    ClamAV detected this file as malware: Win.Trojan.Agent-36281
  • JavaScript action [low] [PDF_JAVASCRIPT]
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream [low] [PDF_JS]
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
          878661aa24c044f756e28eb0ecf556f632f54081538c2d53d178d990c1b9e359
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x369
Size: 11588 bytes