| SHA256: | 0aa8ab30d46be758cbf79f7fa393248b1acd111f31da233a4b61ebaf2d9edcaf |
| File name: | mTLhDe.pdf |
| Detection ratio: | 5 / 47 |
| Analysis date: | 2013-11-06 23:40:00 UTC ( 3 years, 7 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| McAfee-GW-Edition | Heuristic.BehavesLike.PDF.Exploit-CRT.I | 20131106 |
| Microsoft | Exploit:Win32/Pdfjsc.AKB | 20131106 |
| NANO-Antivirus | Trojan.Script.Heuristic-pdf.gutwr | 20131106 |
| Sophos | Troj/PDFJs-TV | 20131106 |
| TrendMicro | HEUR_PDFJS.STREM | 20131106 |
| Yandex | 20131105 | |
| AhnLab-V3 | 20131106 | |
| AntiVir | 20131106 | |
| Antiy-AVL | 20131101 | |
| Avast | 20131107 | |
| AVG | 20131106 | |
| Baidu-International | 20131106 | |
| BitDefender | 20131106 | |
| Bkav | 20131106 | |
| ByteHero | 20131105 | |
| CAT-QuickHeal | 20131106 | |
| ClamAV | 20131106 | |
| Commtouch | 20131107 | |
| Comodo | 20131106 | |
| DrWeb | 20131106 | |
| Emsisoft | 20131107 | |
| ESET-NOD32 | 20131107 | |
| F-Prot | 20131106 | |
| F-Secure | 20131106 | |
| Fortinet | 20131106 | |
| GData | 20131106 | |
| Ikarus | 20131106 | |
| Jiangmin | 20131106 | |
| K7AntiVirus | 20131106 | |
| K7GW | 20131106 | |
| Kaspersky | 20131106 | |
| Kingsoft | 20130829 | |
| Malwarebytes | 20131106 | |
| McAfee | 20131106 | |
| eScan | 20131106 | |
| Norman | 20131106 | |
| nProtect | 20131107 | |
| Panda | 20131106 | |
| Rising | 20131106 | |
| SUPERAntiSpyware | 20131106 | |
| Symantec | 20131107 | |
| TheHacker | 20131106 | |
| TotalDefense | 20131106 | |
| TrendMicro-HouseCall | 20131106 | |
| VBA32 | 20131106 | |
| VIPRE | 20131107 | |
| ViRobot | 20131106 |
The file being studied is a PDF document!
The document's header reveals it is using the following file format
specification: %PDF-1.6.
PDFiD information
This PDF document contains
at least one embedded file. Embedded files can be used in
conjunction with launch actions in order to run malicious executables in the
machine viewing the PDF.
This PDF document
contains AcroForm objects. AcroForm Objects can specify and
launch scripts or actions, that is why they are often abused by attackers.
This PDF document
has 2 pages,
please note that most malicious PDFs have only one page.
This PDF document
has 14 object start declarations and
14 object end declarations.
This PDF document
has 2 stream object start declarations
and 2 stream object end
declarations.
This PDF document has a cross
reference table (xref).
This PDF document has a pointer
to the cross reference table (startxref).
This PDF document has a
trailer dictionary containing entries allowing the cross reference table,
and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf
FileType
PDF
Warning
Error reading xref table
PDFVersion
1.6
Linearized
No
File identification
MD5 3b141482d57aa716c8686b388fcbc8f3
SHA1 48938d02c80019f0486411346af9d6dd66a0977d
SHA256 0aa8ab30d46be758cbf79f7fa393248b1acd111f31da233a4b61ebaf2d9edcaf
ssdeep
384:jLSySZySGHNUKkz5gHWwiQOa3i/A9sDgHSlHqhUG41IT:jlS0tUKoKHWw7CgylKhVD
File size
16.0 KB ( 16346 bytes )
File type PDF
Magic literal
PDF document, version 1.6
| TrID |
Adobe Portable Document Format (100.0%) |
Tags
pdf
cve-2011-3402
acroform
file-embedded
invalid-xref
exploit
VirusTotal metadata
First submission
2013-11-06 23:40:00 UTC ( 3 years, 7 months ago )
Last submission
2013-11-06 23:40:00 UTC ( 3 years, 7 months ago )
| File names |
mTLhDe.pdf |
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the
scanned file presents certain characteristics which depending on the
user policies and environment may or may not represent a threat. For
full details see:
https://www.clamav.net/documents/potentially-unwanted-applications-pua
.
ExifTool file metadata
MIMEType
application/pdf
FileType
PDF
Warning
Error reading xref table
PDFVersion
1.6
Linearized
No
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!