× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 220a1b24e02c2757eccebb6827b4021d570b0f662dd1b0772c22c96b8f6b7c1d
Detection ratio: 17 / 42
Analysis date: 2010-08-25 21:45:03 UTC ( 4 years, 9 months ago ) View latest
Antivirus Result Update
Authentium PDF/Obfusc.G!Camelot 20100825
Avast JS:Pdfka-gen 20100825
Avast5 JS:Pdfka-gen 20100825
BitDefender Exploit.PDF-JS.Gen 20100825
ClamAV Heuristics.PDF.ObfuscatedNameObject 20100825
DrWeb Exploit.PDF.1302 20100825
Emsisoft HTML.Malicious!IK 20100825
F-Prot JS/ShellCode.S 20100825
F-Secure Exploit.PDF-JS.Gen 20100825
GData Exploit.PDF-JS.Gen 20100825
Ikarus HTML.Malicious 20100825
Kaspersky Exploit.JS.Pdfka.cri 20100825
McAfee-GW-Edition Heuristic.BehavesLike.PDF.Suspicious.L 20100825
Sophos Troj/PDFJs-JE 20100825
VBA32 Exploit.JS.Pdfka.cri 20100825
eSafe PDF.Exploit.4 20100825
nProtect Exploit.PDF-Name.Gen 20100825
AVG 20100825
AhnLab-V3 20100825
AntiVir 20100825
Antiy-AVL 20100823
CAT-QuickHeal 20100824
Comodo 20100825
Fortinet 20100825
Jiangmin 20100825
McAfee 20100825
Microsoft 20100825
NOD32 20100825
Norman 20100825
PCTools 20100825
Panda 20100825
Prevx 20100825
Rising 20100825
SUPERAntiSpyware 20100825
Sunbelt 20100825
Symantec 20100825
TheHacker 20100825
TrendMicro 20100825
TrendMicro-HouseCall 20100825
ViRobot 20100825
VirusBuster 20100825
eTrust-Vet 20100825
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.6.
PDFiD information
This PDF file contains 7(1) JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an automatic action to be performed when a given page of the document is viewed. Malicious PDF documents with JavaScript very often use an automatic action to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 73 object start declarations and 73 object end declarations.
This PDF document has 23 stream object start declarations and 23 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

FileCreateDate
2014:11:26 11:45:54+01:00

FileType
PDF

Linearized
No

FileAccessDate
2014:11:26 11:45:54+01:00

Warning
Error reading xref table

PDFVersion
1.6

Compressed bundles
File identification
MD5 350924123cbf1b126f4e38335ed6660d
SHA1 12c008ec2ec9ab2cbe7c927001f14632f878d6e7
SHA256 220a1b24e02c2757eccebb6827b4021d570b0f662dd1b0772c22c96b8f6b7c1d
ssdeep
1536:OLIuMF7/mDEOpOI7huFsdjjFKNpZtOPatxkuEQDqpO:OLIuMpbO4kmsd0VtOgv

File size 88.7 KB ( 90780 bytes )
File type PDF
Magic literal
PDF document, version 1.6

TrID Adobe Portable Document Format (100.0%)
Tags
pdf cve-2007-5659 cve-2009-0927 js-embedded exploit autoaction cve-2009-4324 invalid-xref acroform

VirusTotal metadata
First submission 2010-08-25 21:45:03 UTC ( 4 years, 9 months ago )
Last submission 2014-11-26 10:45:29 UTC ( 6 months, 1 week ago )
File names CVE-2009-0927_CVE-2009-4324_CVE-2007-5659_conference_prog.pdf=
vti-rescan
CVE-2009-0927_CVE-2009-4324_CVE-2007-5659_350924123CBF1B126F4E38335ED6660D_conference_prog.pdf
CVE-2009-0927_CVE-2009-4324_CVE-2007-5659_350924123CBF1B126F4E38335ED6660D_conference_prog.pdf=
CVE-2009-0927_CVE-2009-4324_CVE-2007-5659_conference_prog.pdf=
CVE-2009-0927_CVE-2009-4324_CVE-2007-5659_conference_prog.pdf=.pdf
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

ExifTool file metadata
MIMEType
application/pdf

FileCreateDate
2014:11:26 11:45:54+01:00

FileType
PDF

Linearized
No

FileAccessDate
2014:11:26 11:45:54+01:00

Warning
Error reading xref table

PDFVersion
1.6

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!