Win.Trojan.Agent-36281 — PDF malware analysis

Static analysis result for SHA-256 54cdcce16754d158…

MALICIOUS

PDF

12.2 KB
MD5: a612900991903dad89d69ab93a76b703
SHA-1: 4b406a420bbe48368b4be9031c689602cfeeb6f2
SHA-256: 54cdcce16754d158c7e7997e966d2e8c2a2ea61733e7c0a59fc2f0f61dda50e1
106 Risk Score

Malware Insights

Win.Trojan.Agent-36281 · confidence 98%

MITRE ATT&CK
T1204.002 Malicious File

The PDF was flagged by a machine learning classifier with high confidence and detected by ClamAV as Win.Trojan.Agent-36281. It contains embedded JavaScript, indicating an attempt to execute malicious code upon opening. The presence of JavaScript actions and streams strongly suggests the file is designed to exploit vulnerabilities or download further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics 3

  • ClamAV: Win.Trojan.Agent-36281 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Agent-36281
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js (5c0382b17a05f23f6646e7210fc1812936ac0195f47e8e3aafa8f9335e4c1084)
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x369
Size: 11425 bytes