Win.Trojan.Agent-36281 PDF malware analysis — malicious · b99439b40b64d6b4

MALICIOUS

PDF

12.2 KB

MD5: b46a8d037c8d02558c19666bdb1a0765 SHA-1: 1dec2be9bf0d9724060d3d941fcba9a79198ca7d SHA-256: b99439b40b64d6b4aa25e460f16f97f0590a5a0aa6ae1872ad8fb65848fe68b7

106 Risk Score

Malware Insights

Win.Trojan.Agent-36281 · confidence 98%

MITRE ATT&CK

T1059.007 JavaScript T1204.002 Malicious File

The file is a PDF containing embedded JavaScript, a common technique for delivering malicious payloads. ClamAV identifies the sample as Win.Trojan.Agent-36281, and a machine learning classifier strongly indicates maliciousness. The embedded JavaScript is likely responsible for downloading and executing a second-stage payload.

Machine Learning

Nyx PDF Classifier malicious score 1.0000

Heuristics 3

ClamAV: Win.Trojan.Agent-36281 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Win.Trojan.Agent-36281
JavaScript action low PDF_JAVASCRIPT

PDF contains a /JavaScript action. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
Embedded JS stream low PDF_JS

PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`javascript_obj0076_000.js` `4076a847e2cb682420bded383c879933a09b4812f9530dbd7e375a801b5e9c2b`	pdf-javascript-stream	PDF /JS object 76 at offset 0x369	11416 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.