Win.Trojan.Agent-36280 — PDF malware analysis

Static analysis result for SHA-256 af9ec0e8a00debb8…

Verdict: MALICIOUS
File type: PDF
Size: 12.4 KB
MD5: 9f7b806aaf893228722a31d424c1862e
SHA-1: 7cf7fbbae239c2cfc7965cc67d8786f890b97a4c
SHA-256: af9ec0e8a00debb85325377f7d2a0c19bdb94592a6a42cadfee57978d183e70d
Risk score: 106

Malware Insights

Win.Trojan.Agent-36280 · confidence 98%

MITRE ATT&CK
T1204.002 User Execution: Malicious File

The file is a PDF flagged as malicious by a ClamAV signature (Win.Trojan.Agent-36280) and by the Nyx PDF classifier (score 1.0000). It carries a /JavaScript action whose /JS entry references an embedded script stream (object 76, 11543 bytes once carved), indicating an attempt to execute script when the document is opened in a JavaScript-capable reader. On their own the two JavaScript indicators are low severity, since benign forms use JavaScript routinely; the verdict rests on the signature and classifier hits. The carved script is the artifact to examine to determine whether it targets a reader vulnerability or fetches a secondary payload.

Machine Learning

  • Nyx PDF Classifier malicious score 1.0000

Heuristics (3)

  • ClamAV: Win.Trojan.Agent-36280 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Trojan.Agent-36280
  • JavaScript action low PDF_JAVASCRIPT
    PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
  • Embedded JS stream low PDF_JS
    PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: javascript_obj0076_000.js
SHA-256: 85e9848a4c9f8cf1516cad9cd60dfdf50426259727a3f276b6158c96e7b3335c
Kind: pdf-javascript-stream
Source: PDF /JS object 76 at offset 0x383
Size: 11543 bytes
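The two JavaScript heuristics above (PDF_JAVASCRIPT for a /JavaScript action, PDF_JS for a /JS entry) and the carved artifact both come from a raw scan of the PDF's indirect objects. The script below is an added example, not the analysis platform's own code: it builds a constructed minimal PDF in memory (a catalog /OpenAction pointing at a /JavaScript action whose /JS is an indirect reference to a FlateDecode stream), then locates the indicators, resolves the /JS reference, inflates the stream and describes the result in the same filename/SHA-256/source/size form as the artifact table. The object numbers, offsets and payload are those of the constructed sample, not of the analysed file; the helper names are hypothetical.

```python
import hashlib
import re
import zlib

# Constructed sample (not the analysed file): a minimal PDF whose catalog
# /OpenAction is a /JavaScript action and whose /JS value is an indirect
# reference to a FlateDecode-compressed stream.
JS_PAYLOAD = b"app.alert('constructed sample payload');"
_DEFLATED = zlib.compress(JS_PAYLOAD)

SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n",
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n",
    b"3 0 obj\n<< /Type /Action /S /JavaScript /JS 4 0 R >>\nendobj\n",
    b"4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(_DEFLATED),
    _DEFLATED,
    b"\nendstream\nendobj\n",
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n",
])

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)
JS_REF_RE = re.compile(rb"/JS\s+(\d+)\s+\d+\s+R\b")           # /JS 4 0 R
JS_LIT_RE = re.compile(rb"/JS\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)  # /JS (...)


def iter_objects(data):
    """Yield (object number, byte offset, body) by scanning for `N G obj ... endobj`.
    The xref table is deliberately ignored: malicious PDFs often ship a broken
    or misleading one, so scanners walk the raw bytes instead."""
    for m in OBJ_RE.finditer(data):
        yield int(m.group(1)), m.start(), m.group(3)


def find_js_indicators(data):
    """Object numbers that trigger the two low-severity heuristics:
    a /JavaScript action (/S /JavaScript) and a /JS entry."""
    hits = {"javascript_action": [], "js_entry": []}
    for num, _off, body in iter_objects(data):
        if re.search(rb"/S\s*/JavaScript\b", body):
            hits["javascript_action"].append(num)
        if re.search(rb"/JS\b", body):
            hits["js_entry"].append(num)
    return hits


def decode_stream(body):
    """Decoded payload of a stream object. Only FlateDecode is handled here;
    other filters come back raw. Truncated zlib data is salvaged as far as it inflates."""
    m = STREAM_RE.search(body)
    if not m:
        return b""
    raw = m.group(1)
    if not re.search(rb"/Filter\s*/FlateDecode\b", body):
        return raw
    try:
        return zlib.decompress(raw)
    except zlib.error:
        try:
            return zlib.decompressobj().decompress(raw)
        except zlib.error:
            return b""


def carve_js(data):
    """Resolve every /JS entry to its script bytes, whether it is a direct
    literal string or an indirect reference to a (possibly compressed) stream.
    Returns (source object, offset of that object, script) tuples."""
    objects = {num: (off, body) for num, off, body in iter_objects(data)}
    carved = []
    for num, (off, body) in objects.items():
        ref = JS_REF_RE.search(body)
        if ref and int(ref.group(1)) in objects:
            target = int(ref.group(1))
            toff, tbody = objects[target]
            carved.append((target, toff, decode_stream(tbody)))
            continue
        lit = JS_LIT_RE.search(body)
        if lit:
            # Minimal unescape of the literal-string form /JS (...)
            script = lit.group(1).replace(b"\\)", b")").replace(b"\\(", b"(")
            carved.append((num, off, script))
    return carved


def artifact_report(data):
    """Describe each carved script in the filename/SHA-256/kind/source/size
    form used by the artifact table above."""
    rows = []
    for i, (obj, off, script) in enumerate(carve_js(data)):
        rows.append({
            "filename": "javascript_obj%04d_%03d.js" % (obj, i),
            "sha256": hashlib.sha256(script).hexdigest(),
            "kind": "pdf-javascript-stream",
            "source": "PDF /JS object %d at offset %#x" % (obj, off),
            "size": len(script),
        })
    return rows


if __name__ == "__main__":
    print(find_js_indicators(SAMPLE_PDF))
    for row in artifact_report(SAMPLE_PDF):
        print(row)
```

Run it as-is against the constructed sample, or replace SAMPLE_PDF with the bytes of a real file. The raw object scan is what lets the carving succeed on samples with a damaged xref, and the stream regex deliberately ignores /Length for the same reason; a real triage pass would additionally handle object streams, hex-string /JS values and other filters.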