× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720
File name: SalesXInvoiceX519658.pdf
Detection ratio: 37 / 55
Analysis date: 2017-01-26 13:01:31 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.QB 20170126
AegisLab Troj.Downloader.Vbs.Agent!c 20170126
AhnLab-V3 PDF/Pidief 20170126
ALYac W97M.Downloader.QB 20170125
Antiy-AVL Trojan[Downloader]/VBS.Agent.amh 20170126
Arcabit W97M.Downloader.QB 20170126
Avast MO97:Downloader-TY [Trj] 20170126
AVG Script/PDF.Exploit.C 20170126
Avira (no cloud) PDF/Agent.23555 20170126
AVware Trojan.PDF.Generic.a (v) 20170126
Baidu VBA.Trojan-Downloader.Agent.do 20170125
BitDefender W97M.Downloader.QB 20170126
CAT-QuickHeal PDF.Dropper.A 20170125
Comodo UnclassifiedMalware 20170126
Cyren W97M/Downloader.CI 20170126
DrWeb W97M.DownLoader.326 20170126
Emsisoft W97M.Downloader.QB (B) 20170126
ESET-NOD32 VBA/TrojanDownloader.Agent.PC 20170126
F-Prot W97M/Downloader.CI 20170126
F-Secure W97M.Downloader.QB 20170126
Fortinet WM/Agent.PC!tr 20170126
GData W97M.Downloader.QB 20170126
Ikarus Trojan-Downloader.VBA.Agent 20170126
Kaspersky Trojan-Downloader.VBS.Agent.amh 20170126
McAfee Dropper-FNX!BFE397FB9B79 20170126
McAfee-GW-Edition BehavesLike.PDF.Suspicious.mb 20170126
Microsoft TrojanDownloader:W97M/Adnel.D 20170126
eScan W97M.Downloader.QB 20170126
NANO-Antivirus Trojan.Script.Agent.druync 20170126
Panda W97M/Downloader 20170125
Rising Exploit.Generic!8.3E1-S8LaMm0xhdT (cloud) 20170126
Sophos Troj/DocDl-MJ 20170126
Symantec Trojan.Pidief 20170125
Tencent Vbs.Trojan-downloader.Agent.Plkl 20170126
TrendMicro TROJ_PIDIEF.YYYC 20170126
TrendMicro-HouseCall TROJ_PIDIEF.YYYC 20170126
VIPRE Trojan.PDF.Generic.a (v) 20170126
Alibaba 20170122
Bkav 20170123
ClamAV 20170125
CMC 20170126
CrowdStrike Falcon (ML) 20161024
Invincea 20170111
Jiangmin 20170126
K7AntiVirus 20170126
K7GW 20170126
Kingsoft 20170126
Malwarebytes 20170126
nProtect 20170126
Qihoo-360 20170126
SUPERAntiSpyware 20170126
TheHacker 20170125
TotalDefense 20170126
Trustlook 20170126
VBA32 20170125
ViRobot 20170126
WhiteArmor 20170123
Yandex 20170125
Zillya 20170125
Zoner 20170126
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 3 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 12 object start declarations and 12 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2015:04:24 09:14:08+03:00

Producer
iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2015:04:24 09:14:08+03:00

Compressed bundles
File identification
MD5 bfe397fb9b7907ab34ba83f0f086336d
SHA1 0372669d1fdff79778d947f33ee8c98bf1d3cc7a
SHA256 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720
ssdeep
384:AIkYes7rVJwZJoFVlyBSjQXaF1EaJr8Tr2GobYyetQBv8T3zpuzFQMmsxVwE7LdA:Z6sPV6oFVhQXaFmaJ4TrtNDeeMmOVwwm

File size 23.0 KB ( 23555 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf file-embedded attachment js-embedded

VirusTotal metadata
First submission 2015-04-24 06:39:33 UTC ( 1 year, 11 months ago )
Last submission 2016-11-11 21:04:30 UTC ( 4 months, 1 week ago )
File names Colin Fox 240415 Sales Invoice 519658.pdf
sales invoice 519658.pdf
7c4c0a349bce2cc3bccef7239807014a
5e7d5cb9ec1c453d42a4046199d2abab
inf.Sales Invoice 519658.pdf
cb75e8b17d5567933e09e9a9c1c537d1
Sales Invoice 519658-1.pdf
3.pdf
bfe397fb9b7907ab34ba83f0f086336d.pdf
d878e1a416d2d01a857f18c9e75eff0e
suspect.pdf
Sales Invoice 519658.pdf
a9db78a2433c64fda1f749c9b6d4b87a
Sales Invoice 519658.pdf
Sales Invoice 519658.pdf
attachment(1).pdf
Sales_Invoice_519658.pdf
5d3b0be5e02dd6cb30a7a8de62b4f2dd
3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720.bin
SalesXInvoiceX519658.pdf
6eb214656c0f29d54badfe6d56271cbd
Sales Invoice 519658.pdf
7e56e6bd210a95bb133fbcb3b023b45a
38178030999-107-0_attach.pdf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2015:04:24 09:14:08+03:00

Producer
iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2015:04:24 09:14:08+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!