× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
File name: nm.pdf
Detection ratio: 42 / 63
Analysis date: 2018-05-05 10:31:17 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5072309 20180505
AegisLab Vba.Gen!c 20180505
AhnLab-V3 PDF/Dropper 20180505
ALYac Trojan.Downloader.PDF.Agent 20180505
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20180505
Arcabit Trojan.Generic.D4D65B5 20180505
Avast VBA:Downloader-FFL [Trj] 20180505
AVG VBA:Downloader-FFL [Trj] 20180505
Avira (no cloud) W2000M/Agent.0446414 20180505
Baidu VBA.Trojan-Downloader.Agent.bae 20180503
BitDefender Trojan.GenericKD.5072309 20180505
CAT-QuickHeal O97M.Downloader.AJK 20180505
ClamAV Doc.Downloader.Jaff-6316585-1 20180505
Comodo .UnclassifiedMalware 20180505
Cyren PP97M/Downldr 20180505
DrWeb W97M.DownLoader.1738 20180505
Emsisoft Trojan.GenericKD.5072309 (B) 20180505
ESET-NOD32 PDF/TrojanDropper.Agent.U 20180505
F-Prot New or modified PP97M/Downldr 20180505
F-Secure Trojan-Dropper:JS/PdfDropper.A 20180505
Fortinet WM/Moat.F1678919!tr 20180505
GData Dropped:Trojan.PDF.Downloader.U (2x) 20180505
Ikarus Trojan-Dropper.PDF.Agent 20180505
Kaspersky Trojan-Downloader.PDF.Agent.es 20180505
MAX malware (ai score=100) 20180505
McAfee Exploit-FXN!6B305C5B59C2 20180505
McAfee-GW-Edition BehavesLike.PDF.Evasion.kb 20180505
Microsoft TrojanDownloader:JS/Nemucod 20180505
eScan Trojan.GenericKD.5072309 20180505
NANO-Antivirus Trojan.Script.Agent.esamjt 20180505
Panda O97M/Downloader 20180505
Qihoo-360 virus.office.obfuscated.1 20180505
Rising Heur.Macro.Downloader.d (KTSE) 20180505
Sophos AV Troj/DocDl-IYE 20180505
Symantec Trojan.Pidief 20180505
Tencent OLE.Win32.Macro.703738 20180505
TrendMicro PDF_MALMACRO.A 20180505
TrendMicro-HouseCall PDF_MALMACRO.A 20180505
VBA32 Trojan-Downloader.VBA.Agent.bae 20180504
ViRobot PDF.S.Agent.64226 20180505
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180505
Zoner Probably PDFEmbed 20180504
Alibaba 20180503
Avast-Mobile 20180505
AVware 20180428
Babable 20180406
Bkav 20180504
CMC 20180505
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180505
eGambit 20180505
Endgame 20180504
Sophos ML 20180503
Jiangmin 20180505
K7AntiVirus 20180505
K7GW 20180505
Kingsoft 20180505
Malwarebytes 20180505
nProtect 20180505
Palo Alto Networks (Known Signatures) 20180505
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180505
Symantec Mobile Insight 20180505
TheHacker 20180504
TotalDefense 20180505
Trustlook 20180505
VIPRE 20180505
Webroot 20180505
Yandex 20180504
Zillya 20180504
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:09 11:24:53+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
154898

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:09 11:24:53+03:00

Compressed bundles
File identification
MD5 6b305c5b59c235122fd8049b1c4c794d
SHA1 baf08a5fe4f508babe41974af812536dd82c2008
SHA256 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
ssdeep
1536:Vm/UN6jgkyGPsFLBYacOQ4RNynm2tLE4YNM6NA:Vm88jgkpP2Z76dI4YNM6NA

File size 62.7 KB ( 64226 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf autoaction file-embedded attachment js-embedded

VirusTotal metadata
First submission 2017-05-11 07:42:11 UTC ( 1 year, 1 month ago )
Last submission 2018-05-05 10:31:17 UTC ( 1 month, 2 weeks ago )
File names JAFF RANSOMWARE (5)
da2e13ba52d8ac6f04db3a5ea9c51b3baf263f83
nm.pdf
201705110805v4B854rv026004dappprodauscertorgau_nm.pdf
nm1.pdf
nm.pdf
nm.pdf.5
BÖSEnm.pdf
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:09 11:24:53+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
154898

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:09 11:24:53+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!