× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2f1385e0ace957053bd323296d9460a32561bdf682cf4358147ef0599c25eb96
File name: 001_0673.pdf
Detection ratio: 14 / 54
Analysis date: 2017-06-07 08:59:24 UTC ( 1 year, 10 months ago ) View latest
Antivirus Result Update
AhnLab-V3 PDF/Expod.Gen 20170606
Avira (no cloud) W97M/Agent.7510415 20170607
Cyren PP97M/Downldr 20170607
Emsisoft VB:Trojan.Valyria.556 (B) 20170607
F-Prot New or modified PP97M/Downldr 20170607
Fortinet WM/Nemucod.0EFE!tr.dldr 20170607
GData VB:Trojan.Valyria.556 20170607
Ikarus Trojan-Downloader.VBA.Jaff 20170607
Kaspersky HEUR:Trojan-Downloader.Script.Generic 20170607
McAfee-GW-Edition BehavesLike.PDF.Evasion.qb 20170606
Panda O97M/Downloader 20170606
Qihoo-360 virus.office.obfuscated.1 20170607
Symantec Trojan.Pidief.X 20170607
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170607
Ad-Aware 20170607
AegisLab 20170607
Alibaba 20170607
ALYac 20170607
Arcabit 20170607
Avast 20170607
AVG 20170606
AVware 20170607
Baidu 20170601
BitDefender 20170607
Bkav 20170607
CAT-QuickHeal 20170607
ClamAV 20170607
CMC 20170607
Comodo 20170607
CrowdStrike Falcon (ML) 20170420
DrWeb 20170607
Endgame 20170515
ESET-NOD32 20170607
Sophos ML 20170607
Jiangmin 20170607
K7AntiVirus 20170607
K7GW 20170607
Kingsoft 20170607
Malwarebytes 20170607
McAfee 20170607
Microsoft 20170607
eScan 20170607
NANO-Antivirus 20170607
nProtect 20170607
Palo Alto Networks (Known Signatures) 20170607
Rising 20170604
SentinelOne (Static ML) 20170516
Sophos AV 20170607
SUPERAntiSpyware 20170607
Symantec Mobile Insight 20170606
Tencent 20170607
TheHacker 20170605
TotalDefense 20170607
TrendMicro-HouseCall 20170607
Trustlook 20170607
VBA32 20170606
VIPRE 20170607
ViRobot 20170607
Webroot 20170607
WhiteArmor 20170601
Yandex 20170606
Zillya 20170606
Zoner 20170607
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 13 object start declarations and 13 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:06:07 10:46:29+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:06:07 10:46:29+03:00

Compressed bundles
File identification
MD5 c173dcd2f9e0960e6ca85b77a2152507
SHA1 be6e75b22009827e86bae462f65e54b94406ef25
SHA256 2f1385e0ace957053bd323296d9460a32561bdf682cf4358147ef0599c25eb96
ssdeep
1536:MZbDp918DuEG7Tj3XyWAyn/wcTLerlkvOO49hl:MjYu37v3KynUZkN49hl

File size 59.5 KB ( 60879 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
attachment pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2017-06-07 08:59:24 UTC ( 1 year, 10 months ago )
Last submission 2018-04-30 08:31:04 UTC ( 11 months, 4 weeks ago )
File names 8392aee0c28536f308bff3d592ddfed4708d80a6
001_0673.pdf
001_8951.pdf
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:06:07 10:46:29+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:06:07 10:46:29+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!