Win.Trojan.Agent-36281 — PDF malware analysis

Static analysis result for SHA-256 39e00f655fc7d115…

MALICIOUS

PDF

12.5 KB
MD5: 96de30d3981bde2d29f1dc75e2074016
SHA-1: 57d46739ae66ca6bae5078309074e024d48db7ea
SHA-256: 39e00f655fc7d115d5fd1378c12ccd77cb67a3131daa2671eed210518cf1fa37
Risk Score: 106

Malware Insights

Win.Trojan.Agent-36281 · confidence 98%

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The PDF file was detected by ClamAV as Win.Trojan.Agent-36281 and flagged by an ML classifier with high confidence. It contains embedded JavaScript, indicating an attempt to execute malicious code upon opening. The primary attack vector appears to be the embedded JavaScript, likely designed to exploit PDF vulnerabilities or download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Win.Trojan.Agent-36281 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Win.Trojan.Agent-36281
  • JavaScript action (severity: low, rule: PDF_JAVASCRIPT)
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream (severity: low, rule: PDF_JS)
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0076_000.js
    e98e9e4be534aeda5f443fe6adb179d26ce3ca8cf4d84ffcfbc581055cf54b53
    Kind: pdf-javascript-stream
    Source: PDF /JS object 76 at offset 0x369
    Size: 11681 bytes