Win.Trojan.Agent-36281 — PDF malware analysis

Static analysis result for SHA-256 4c575cecdc8c05aa…

MALICIOUS

PDF

12.6 KB
MD5: c3db59b204fa869e6a8c91f872ec2678
SHA-1: eef84cdf70046fbc630437d489c150553eb79135
SHA-256: 4c575cecdc8c05aa2b5ce40cf8052b36d93d8e4a82cca84f1f844390d015ad07
Risk Score: 106

Malware Insights

Win.Trojan.Agent-36281 · confidence 98%

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The PDF file was flagged by multiple heuristics, including a high-confidence ML classifier and ClamAV detection, indicating malicious intent. Embedded JavaScript, identified as 'javascript_obj0076_000.js', is likely responsible for executing the payload. The presence of JavaScript actions and streams within the PDF strongly suggests an attempt to exploit vulnerabilities or trick the user into executing malicious code.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Win.Trojan.Agent-36281 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Agent-36281
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: javascript_obj0076_000.js
    SHA-256: 42f8ab9d332982fe1c53e63ef19ab173845da368f13a7a6ea68a9553788814e2
    Kind: pdf-javascript-stream
    Source: PDF /JS object 76 at offset 0x369
    Size: 11760 bytes