SHA256: 22d3b97d929c8639f6ea265f2c30e6db1bb5b8d3b54ff6466790f9fef35b4789
File name: 20170512897384.pdf
Detection ratio: 41 / 60
Analysis date: 2018-09-05 10:50:28 UTC ( 8 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware W97m.Downloader.FTT 20180905
AegisLab Trojan.PDF.Generic.4!c 20180905
AhnLab-V3 PDF/Expod.Gen 20180905
ALYac W97m.Downloader.FTT 20180905
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20180905
Arcabit W97m.Downloader.FTT 20180905
Avast VBA:Downloader-FFL [Trj] 20180905
AVG VBA:Downloader-FFL [Trj] 20180905
Avira (no cloud) W2000M/Agent.0446414 20180905
Baidu VBA.Trojan-Downloader.Agent.blg 20180905
BitDefender W97m.Downloader.FTT 20180905
CAT-QuickHeal O97M.Downloader.AJK 20180904
ClamAV Doc.Downloader.Jaff-6316585-1 20180905
Comodo UnclassifiedMalware 20180905
Cyren PP97M/Downldr 20180905
DrWeb W97M.DownLoader.1740 20180905
Emsisoft W97m.Downloader.FTT (B) 20180905
ESET-NOD32 PDF/TrojanDropper.Agent.S 20180905
F-Prot New or modified PP97M/Downldr 20180905
F-Secure Trojan-Dropper:JS/PdfDropper.A 20180905
Fortinet WM/Agent.DECE!tr 20180905
GData W97m.Downloader.FTT 20180905
Ikarus Trojan-Dropper.PDF.Agent 20180905
Kaspersky HEUR:Trojan.Script.Agent.gen 20180905
MAX malware (ai score=99) 20180905
McAfee Exploit-FXN!424364553644 20180905
McAfee-GW-Edition BehavesLike.PDF.Evasion.kb 20180905
Microsoft TrojanDownloader:JS/Nemucod 20180905
eScan W97m.Downloader.FTT 20180905
NANO-Antivirus Trojan.Script.Agent.esamjt 20180905
Panda O97M/Downloader 20180904
Qihoo-360 virus.office.obfuscated.1 20180905
Rising Malware.PDF/Gen(99%) (AI) 20180905
Sophos AV Troj/DocDl-IYO 20180905
Symantec Trojan.Pidief 20180905
Tencent OLE.Win32.Macro.703738 20180905
TrendMicro W2KM_CRYPJAFF.A 20180905
TrendMicro-HouseCall W2KM_CRYPJAFF.A 20180905
ViRobot PDF.S.Agent.67080 20180905
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180905
Zoner Probably PDFEmbed 20180904
Alibaba 20180713
Avast-Mobile 20180905
AVware 20180823
Babable 20180902
Bkav 20180831
CMC 20180905
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180905
eGambit 20180905
Endgame 20180730
Sophos ML 20180717
Jiangmin 20180905
K7AntiVirus 20180905
K7GW 20180905
Kingsoft 20180905
Malwarebytes 20180905
Palo Alto Networks (Known Signatures) 20180905
SentinelOne (Static ML) 20180830
SUPERAntiSpyware 20180905
Symantec Mobile Insight 20180831
TACHYON 20180905
TheHacker 20180904
TotalDefense 20180905
Trustlook 20180905
VBA32 20180905
VIPRE 20180905
Webroot 20180905
Yandex 20180904
Zillya 20180904
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
ModifyDate: 2017:05:11 23:52:41+03:00
Producer: iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)
PageCount: 1
FileType: PDF
Creator: 5572933
Linearized: No
FileTypeExtension: pdf
PDFVersion: 1.4
CreateDate: 2017:05:11 23:52:41+03:00
Compressed bundles
File identification
MD5 424364553644a7d897b87632da4a130a
SHA1 30a1c31fba9849bf02b159a7d2a5b2ae0b83cd5e
SHA256 22d3b97d929c8639f6ea265f2c30e6db1bb5b8d3b54ff6466790f9fef35b4789
ssdeep 1536:NxXGZ7VCeBpl85xSA45io9oo7jBDw4IykMoc/Q3vP:KPBplmSAgL2o7j5zs/P
File size 65.5 KB ( 67080 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags pdf js-embedded file-embedded autoaction attachment

VirusTotal metadata
First submission 2017-05-12 02:45:43 UTC ( 2 years ago )
Last submission 2018-05-09 08:31:17 UTC ( 1 year ago )
File names 3bc6f62a957abe398dc6d8bd55b14b70459d7a19
20170512897384.pdf
20170512151789.pdf
20170512659945.pdf
20170512089190.pdf
20170512490161.pdf
20170512244833.pdf
20170512598412.pdf
20170512123091.pdf
20170512564149.pdf
__substg1.0_37010102
20170512941209.pdf
20170512093601977678043D0ABBtamworthhwinetcouk_20170512758628.pdf
20170511746985.pdf