× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 00e483e7979965daa432982292d4e263abc70413f55763dd8efe2376161d3c97
File name: EOSuMtLY_.pdf
Detection ratio: 16 / 55
Analysis date: 2014-09-12 08:06:22 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
AVG Script/PDF.Exploit 20140912
AhnLab-V3 PDF/Exploit 20140912
Avast JS:Pdfka-BYN [Expl] 20140912
Avira EXP/Pdfjsc.akb 20140912
Comodo UnclassifiedMalware 20140912
ESET-NOD32 JS/Exploit.Pdfka.QLD 20140912
Ikarus Exploit.JS.CVE-2010-0806 20140912
Kaspersky HEUR:Exploit.PDF.Generic 20140912
McAfee Artemis!B458E58E99D9 20140912
McAfee-GW-Edition BehavesLike.PDF.Exploit-CRT 20140912
Microsoft Exploit:Win32/Pdfjsc.AKZ 20140912
NANO-Antivirus Trojan.Script.Heuristic-pdf.gutwr 20140912
Qihoo-360 Trojan.Generic 20140912
Sophos Troj/PDFJs-TV 20140912
Symantec Trojan.Pidief 20140912
TrendMicro HEUR_PDFJS.STREM 20140912
AVware 20140912
Ad-Aware 20140912
AegisLab 20140912
Agnitum 20140911
Antiy-AVL 20140912
Baidu-International 20140912
BitDefender 20140912
Bkav 20140911
ByteHero 20140912
CAT-QuickHeal 20140911
CMC 20140908
ClamAV 20140912
Cyren 20140912
DrWeb 20140912
Emsisoft 20140912
F-Prot 20140912
F-Secure 20140912
Fortinet 20140912
GData 20140912
Jiangmin 20140911
K7AntiVirus 20140911
K7GW 20140911
Kingsoft 20140912
Malwarebytes 20140912
MicroWorld-eScan 20140912
Norman 20140912
Panda 20140911
Rising 20140911
SUPERAntiSpyware 20140912
Tencent 20140912
TheHacker 20140912
TotalDefense 20140911
TrendMicro-HouseCall 20140912
VBA32 20140911
VIPRE 20140912
ViRobot 20140912
Zillya 20140910
Zoner 20140912
nProtect 20140911
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.6.
PDFiD information
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document has 2 pages, please note that most malicious PDFs have only one page.
This PDF document has 14 object start declarations and 14 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

PDFVersion
1.6

FileType
PDF

Linearized
No

FileAccessDate
2014:06:04 11:16:01+01:00

Warning
Error reading xref table

FileCreateDate
2014:06:04 11:16:01+01:00

File identification
MD5 b458e58e99d9464d931086e9d9c77501
SHA1 8a44b76a2d9ea319223717e3980dbf76c17d0fa1
SHA256 00e483e7979965daa432982292d4e263abc70413f55763dd8efe2376161d3c97
ssdeep
384:jLSySZySGHnKkz5gHWwiQOa3i/A9sDgHSlHqhUG41IT:jlS0HKoKHWw7CgylKhVD

File size 16.0 KB ( 16337 bytes )
File type PDF
Magic literal
PDF document, version 1.6

TrID Adobe Portable Document Format (100.0%)
Tags
exploit pdf invalid-xref cve-2010-0806 acroform file-embedded

VirusTotal metadata
First submission 2013-12-05 19:49:13 UTC ( 1 year, 4 months ago )
Last submission 2013-12-05 19:49:13 UTC ( 1 year, 4 months ago )
File names EOSuMtLY_.pdf
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

ExifTool file metadata
MIMEType
application/pdf

PDFVersion
1.6

FileType
PDF

Linearized
No

FileAccessDate
2014:06:04 11:16:01+01:00

Warning
Error reading xref table

FileCreateDate
2014:06:04 11:16:01+01:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!