× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 08af5513378e9186ba26b4ba1aa8b2e3951d61328f8d7a8c98a43f087cb7a97a
File name: 3bdefd18c731d9b5f478605d5c5610f9.pdf
Detection ratio: 35 / 54
Analysis date: 2017-02-02 04:36:40 UTC ( 4 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Doc.Agent.J 20170202
AegisLab Troj.Downloader.PDF.Agent.aw!c 20170202
AhnLab-V3 PDF/Agent 20170201
ALYac Trojan.Doc.Agent.J 20170202
Antiy-AVL Trojan[Downloader]/PDF.Agent.aw 20170202
Arcabit Trojan.Doc.Agent.J 20170202
Avast VBA:Downloader-KN [Trj] 20170202
AVG W97M/Generic 20170202
Avira (no cloud) PDF/Agent.42605 20170201
AVware Trojan.PDF.Generic.a (v) 20170202
Baidu Multi.Threats.InArchive 20170125
BitDefender Trojan.Doc.Agent.J 20170202
CAT-QuickHeal PDF.Dropper.C 20170201
Cyren PP97M/Donoff 20170202
DrWeb W97M.DownLoader.552 20170202
Emsisoft Trojan.Doc.Agent.J (B) 20170202
ESET-NOD32 PDF/TrojanDropper.Agent.B 20170202
F-Prot New or modified PP97M/Donoff 20170202
F-Secure Trojan.Doc.Agent.J 20170202
Fortinet WM/Agent.BJC!tr.dldr 20170202
GData Trojan.Doc.Agent.J 20170202
Ikarus Trojan-Dropper.PDF.Agent 20170201
Kaspersky Trojan-Downloader.PDF.Agent.aw 20170201
McAfee Downloader-FAXN!3BDEFD18C731 20170202
McAfee-GW-Edition BehavesLike.PDF.Suspicious.pb 20170201
Microsoft TrojanDownloader:O97M/Donoff 20170202
eScan Trojan.Doc.Agent.J 20170202
NANO-Antivirus Trojan.Script.PDF.dzxkwm 20170202
Panda W97M/Downloader 20170201
Qihoo-360 heur.macro.encodefeature.d 20170202
Sophos Troj/DocDl-XI 20170202
Symantec W97M.Downloader 20170201
Tencent OLE.Win32.Macro.700322 20170202
VIPRE Trojan.PDF.Generic.a (v) 20170202
ViRobot PDF.S.Exploit.42605[h] 20170202
Alibaba 20170122
Bkav 20170123
ClamAV 20170202
CMC 20170202
Comodo 20170202
CrowdStrike Falcon (ML) 20170130
Invincea 20170111
Jiangmin 20170201
K7AntiVirus 20170201
K7GW 20170202
Kingsoft 20170202
Malwarebytes 20170201
nProtect 20170202
Rising 20170202
SUPERAntiSpyware 20170202
TheHacker 20170129
TotalDefense 20170201
TrendMicro-HouseCall 20170202
Trustlook 20170202
VBA32 20170201
WhiteArmor 20170123
Yandex 20170201
Zillya 20170201
Zoner 20170202
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 3 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 12 object start declarations and 12 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2015:08:11 10:50:28+03:00

Producer
iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2015:08:11 10:50:28+03:00

File identification
MD5 3bdefd18c731d9b5f478605d5c5610f9
SHA1 dfba593764c3ce6739bc5f14ea831726e2cb8962
SHA256 08af5513378e9186ba26b4ba1aa8b2e3951d61328f8d7a8c98a43f087cb7a97a
ssdeep
768:LVMgB/ey+rcq7fm63YlGOC7pBC+yarI8bO5Pc63WF4I5OWeGY4FCoERHpEgSp4Nc:h/eBR3YlCpBC+hPbO5Pcam6CCoE1pExb

File size 41.6 KB ( 42605 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf file-embedded attachment js-embedded

VirusTotal metadata
First submission 2015-08-11 08:16:46 UTC ( 1 year, 10 months ago )
Last submission 2016-04-05 14:04:26 UTC ( 1 year, 2 months ago )
File names DirectDebit Invoice_5262307_011220140151449702826.pdf
Shipping Labels
Shipping Labels (938854744923).pdf
na_Shipping Labels (938854744923).pdf
37c7d489eeecab020512f74f2c5ffc31
715640_Shippingx2520Labelsx2520x2528938854744923x2529.pdf
t.pdf
file.pdf
f8f73d2157601f436ad7a85daae0cd56
Shipping Labels (938854744923).ooo.pdf
Shipping Labels (938854744923).pdf
shipping.pdf
3bdefd18c731d9b5f478605d5c5610f9.pdf
Shipping Labels (938854744923).pdf
0bfcd41e070b37ab0379a8c2a82a5986
Shipping Labels (938854744923).MALPDF
malware.pdf
suspect.pdf
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2015:08:11 10:50:28+03:00

Producer
iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2015:08:11 10:50:28+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!