× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 11f718fc6bb11d9e47188f7f2946e274318810c3e58e189ab875ab264dac47c9
File name: output.9302591.txt
Detection ratio: 26 / 44
Analysis date: 2013-02-01 01:32:35 UTC ( 1 year, 2 months ago )
Antivirus Result Update
AVG Exploit_c.WGV 20130131
AntiVir EXP/Pidief.dmj 20130131
Avast JS:Pdfka-gen [Expl] 20130201
BitDefender PDF:Exploit.PDF-JS.JQ 20130201
ClamAV PDF.Exploit.Blackhole-4 20130131
Commtouch JS/Pdfka.IY.gen 20130201
Comodo Exploit.JS.Pdfka.baa 20130131
DrWeb Exploit.PDF.3123 20130201
ESET-NOD32 JS/Exploit.Pdfka.QCE 20130131
F-Prot JS/Pdfka.IY.gen 20130131
F-Secure PDF:Exploit.PDF-JS.JQ 20130201
Fortinet PDF/Pdfka.PXV!exploit 20130201
GData PDF:Exploit.PDF-JS.JQ 20130201
Ikarus Exploit.PDF 20130201
Kaspersky HEUR:Exploit.Script.Generic 20130201
McAfee Exploit-PDF!Blacole.o 20130201
McAfee-GW-Edition Heuristic.BehavesLike.PDF.Exploit-CRT.I 20130201
MicroWorld-eScan PDF:Exploit.PDF-JS.JQ 20130201
Microsoft Exploit:Win32/Pdfjsc.AEW 20130131
NANO-Antivirus Trojan.Script.Heuristic-pdf.gutwr 20130201
Norman Pdfjsc.CS 20130131
Sophos Troj/PDFJS-ABX 20130131
TrendMicro TROJ_PIDIEF.SMXC 20130201
TrendMicro-HouseCall TROJ_PIDIEF.SMXC 20130201
VIPRE Exploit.PDF.pdfjsc.abx (v) 20130201
nProtect PDF:Exploit.PDF-JS.JQ 20130131
Agnitum 20130131
Antiy-AVL 20130131
CAT-QuickHeal 20130131
Emsisoft 20130201
Jiangmin 20121221
K7AntiVirus 20130131
Kingsoft 20130131
Malwarebytes 20130131
PCTools 20130201
Panda 20130131
Rising 20130131
SUPERAntiSpyware 20130201
Symantec 20130201
TheHacker 20130131
TotalDefense 20130131
VBA32 20130131
ViRobot 20130131
eSafe 20130131
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an automatic action to be performed when a given page of the document is viewed. Malicious PDF documents with JavaScript very often use an automatic action to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 30 object start declarations and 30 object end declarations.
This PDF document has 5 stream object start declarations and 5 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

FileType
PDF

Warning
Invalid secondary xref table

PDFVersion
1.4

Linearized
No

File identification
MD5 285b4186a435d80b503da88c922ea214
SHA1 371ff4463d9fca9791500ead40d70d960dcb61b8
SHA256 11f718fc6bb11d9e47188f7f2946e274318810c3e58e189ab875ab264dac47c9
ssdeep
384:ZQ6jyooUWvLYcI8U5ypvud+EUmaeilClo5aXb8:ZQY0TYcSyEOeilCS5a4

File size 21.0 KB ( 21479 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf invalid-xref acroform autoaction js-embedded

VirusTotal metadata
First submission 2013-02-01 01:30:37 UTC ( 1 year, 2 months ago )
Last submission 2013-02-01 01:32:35 UTC ( 1 year, 2 months ago )
File names output.9302591.txt
9302591
ExifTool file metadata
MIMEType
application/pdf

FileType
PDF

Warning
Invalid secondary xref table

PDFVersion
1.4

Linearized
No

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!