SHA256: 24aa5f96c99ee4419ede5a701c6e8534cb3b4e596f1daa52cf062ebce951ef86
File name: uk_confirmation_ph536740417.pdf
Detection ratio: 39 / 59
Analysis date: 2017-10-18 01:42:47 UTC ( 3 days, 14 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4827506 20171018
AegisLab Troj.Downloader.Msword.Agent!c 20171017
AhnLab-V3 PDF/Expod.Gen 20171017
ALYac Trojan.GenericKD.4827506 20171017
Antiy-AVL Trojan[Downloader]/MSWord.Agent.bgi 20171018
Arcabit Trojan.Generic.D49A972 20171017
Avast VBA:Downloader-EWP [Trj] 20171018
AVG VBA:Downloader-EWP [Trj] 20171018
Avira (no cloud) W2000M/Agent.0554313 20171018
Baidu Multi.Threats.InArchive 20171017
BitDefender Trojan.GenericKD.4827506 20171017
CAT-QuickHeal W97M.Cerber.N 20171017
ClamAV Doc.Downloader.Jaff-6329915-0 20171017
Comodo UnclassifiedMalware 20171017
Cyren PP97M/Downldr 20171018
Emsisoft Trojan.GenericKD.4827506 (B) 20171018
ESET-NOD32 PDF/TrojanDropper.Agent.J 20171017
F-Prot New or modified PP97M/Downldr 20171017
F-Secure Trojan-Dropper:JS/PdfDropper.A 20171018
Fortinet WM/Agent.DAC!tr.dldr 20171018
GData Trojan.GenericKD.4827506 20171018
Ikarus Trojan-Downloader.VBA.Agent 20171017
Kaspersky Trojan-Downloader.MSWord.Agent.bgi 20171017
MAX malware (ai score=89) 20171017
McAfee Artemis!4BCA9EAF8E6E 20171018
McAfee-GW-Edition BehavesLike.PDF.Trojan.lb 20171017
Microsoft TrojanDownloader:O97M/Donoff!rfn 20171018
eScan Trojan.GenericKD.4827506 20171017
NANO-Antivirus Trojan.Script.Agent.eqadaj 20171017
Panda O97M/Downloader 20171017
Qihoo-360 virus.office.obfuscated.1 20171018
Rising Heur.Macro.Downloader.d (KTSE) 20171018
Sophos AV Troj/PDFDoc-B 20171018
Symantec Trojan.Gen.2 20171018
Tencent OLE.Win32.Macro.703738 20171018
TrendMicro PDF_DOCDROP.A 20171018
TrendMicro-HouseCall PDF_DOCDROP.A 20171018
ViRobot PDF.Z.Agent.72905 20171017
ZoneAlarm by Check Point Trojan-Downloader.MSWord.Agent.bgi 20171017
Alibaba 20170911
Avast-Mobile 20171017
AVware 20171018
Bkav 20171017
CMC 20171017
CrowdStrike Falcon (ML) 20170804
Cylance 20171018
eGambit 20171018
Endgame 20171016
Sophos ML 20170914
Jiangmin 20171018
K7AntiVirus 20171017
K7GW 20171016
Kingsoft 20171018
Malwarebytes 20171017
nProtect 20171017
Palo Alto Networks (Known Signatures) 20171018
SentinelOne (Static ML) 20171001
SUPERAntiSpyware 20171018
Symantec Mobile Insight 20171011
TheHacker 20171017
TotalDefense 20171017
Trustlook 20171018
VBA32 20171017
VIPRE 20171017
Webroot 20171018
Yandex 20171017
Zillya 20171017
Zoner 20171017
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 2 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 13 object start declarations and 13 object end declarations.
This PDF document has 3 stream object start declarations and 3 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType application/pdf
ModifyDate 2017:04:11 12:25:18+03:00
Producer iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)
PageCount 1
FileType PDF
Linearized No
FileTypeExtension pdf
PDFVersion 1.4
CreateDate 2017:04:11 12:25:18+03:00

File identification
MD5 4bca9eaf8e6ef5697d2fd28f49fd7b92
SHA1 9b58654fe470035c37a1fe3747c03eab7e2c2382
SHA256 24aa5f96c99ee4419ede5a701c6e8534cb3b4e596f1daa52cf062ebce951ef86
ssdeep 1536:zzjZKVl81j9H65KXK1WHNmP2xY37GC0NzAiZYe9cBLG+PoV:zz1KVO9HbK1YmP337GMEbcHoV
File size 71.2 KB ( 72905 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags js-embedded attachment via-tor pdf file-embedded autoaction

VirusTotal metadata
First submission 2017-04-11 11:16:08 UTC ( 6 months, 1 week ago )
Last submission 2017-06-06 01:05:19 UTC ( 4 months, 2 weeks ago )
File names c42b5ee77caf542ea8052f58e9fd6f5b
c6f85559008cf327547ad37452a36981f9d5340e
7f40a7676fc1fd44d4c262cd17945a2e
uk_confirmation_ph477284692.pdf
uk_confirmation_ph338394170.pdf
uk_confirmation_ph536740417.pdf
20170411281219.pdf
536e2be0e9545484405f7ba3847800b1
uk_confirmation_ph290990172.pdf
87abddca1fad2a4b0cbddcca9b676481
uk_confirmation_ph247925769.pdf