SHA256: 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720
File name: 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720.bin
Detection ratio: 40 / 56
Analysis date: 2017-06-07 03:05:11 UTC ( 2 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.QB 20170607
AegisLab Troj.Downloader.Vbs.Agent!c 20170607
AhnLab-V3 PDF/Pidief 20170606
ALYac W97M.Downloader.QB 20170607
Antiy-AVL Trojan[Downloader]/VBS.Agent.amh 20170607
Arcabit W97M.Downloader.QB 20170607
Avast MO97:Downloader-TY [Trj] 20170607
AVG Script/PDF.Exploit.C 20170606
Avira (no cloud) W2000M/Agent.073338 20170607
AVware Trojan.PDF.Generic.a (v) 20170607
Baidu VBA.Trojan-Downloader.Agent.do 20170601
BitDefender W97M.Downloader.QB 20170607
CAT-QuickHeal W97M.Dropper.EY 20170606
ClamAV Doc.Macro.Generic-5900096-0 20170606
Comodo UnclassifiedMalware 20170607
Cyren W97M/Downloader.CI 20170607
DrWeb W97M.DownLoader.326 20170607
Emsisoft W97M.Downloader.QB (B) 20170607
ESET-NOD32 VBA/TrojanDownloader.Agent.PC 20170607
F-Prot W97M/Downloader.CI 20170607
F-Secure W97M.Downloader.QB 20170607
Fortinet WM/Agent.PC!tr 20170607
GData W97M.Downloader.QB 20170607
Ikarus Trojan-Downloader.VBA.Agent 20170606
Kaspersky Trojan-Downloader.VBS.Agent.amh 20170607
McAfee Dropper-FNX!BFE397FB9B79 20170607
McAfee-GW-Edition BehavesLike.PDF.Suspicious.mb 20170606
Microsoft TrojanDownloader:W97M/Adnel.D 20170606
eScan W97M.Downloader.QB 20170607
NANO-Antivirus Trojan.Script.Agent.druync 20170606
Panda W97M/Downloader 20170606
Qihoo-360 virus.office.obfuscated.1 20170607
Sophos AV Troj/DocDl-MJ 20170607
Symantec Trojan.Pidief 20170607
Tencent Vbs.Trojan-downloader.Agent.Plkl 20170607
TrendMicro TROJ_PIDIEF.YYYC 20170607
TrendMicro-HouseCall TROJ_PIDIEF.YYYC 20170606
VIPRE Trojan.PDF.Generic.a (v) 20170607
ViRobot PDF.Z.Agent.23555[h] 20170606
ZoneAlarm by Check Point Trojan-Downloader.VBS.Agent.amh 20170607
Alibaba 20170607
Bkav 20170602
CMC 20170606
CrowdStrike Falcon (ML) 20170420
Endgame 20170515
Sophos ML 20170604
Jiangmin 20170607
K7AntiVirus 20170606
K7GW 20170607
Kingsoft 20170607
Malwarebytes 20170607
nProtect 20170607
Palo Alto Networks (Known Signatures) 20170607
Rising 20170603
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170606
Symantec Mobile Insight 20170606
TheHacker 20170605
Trustlook 20170607
VBA32 20170606
Webroot 20170607
WhiteArmor 20170601
Yandex 20170606
Zillya 20170606
Zoner 20170607
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 3 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 12 object start declarations and 12 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
ModifyDate: 2015:04:24 09:14:08+03:00
Producer: iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)
PageCount: 1
FileType: PDF
Linearized: No
FileTypeExtension: pdf
PDFVersion: 1.4
CreateDate: 2015:04:24 09:14:08+03:00

File identification
MD5 bfe397fb9b7907ab34ba83f0f086336d
SHA1 0372669d1fdff79778d947f33ee8c98bf1d3cc7a
SHA256 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720
ssdeep 384:AIkYes7rVJwZJoFVlyBSjQXaF1EaJr8Tr2GobYyetQBv8T3zpuzFQMmsxVwE7LdA:Z6sPV6oFVhQXaFmaJ4TrtNDeeMmOVwwm
File size 23.0 KB ( 23555 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags pdf file-embedded attachment js-embedded

VirusTotal metadata
First submission 2015-04-24 06:39:33 UTC ( 2 years, 4 months ago )
Last submission 2017-06-07 03:05:11 UTC ( 2 months, 2 weeks ago )
File names
Colin Fox 240415 Sales Invoice 519658.pdf
sales invoice 519658.pdf
7c4c0a349bce2cc3bccef7239807014a
5e7d5cb9ec1c453d42a4046199d2abab
inf.Sales Invoice 519658.pdf
cb75e8b17d5567933e09e9a9c1c537d1
Sales_Invoice_519658.pdf
3.pdf
bfe397fb9b7907ab34ba83f0f086336d.pdf
d878e1a416d2d01a857f18c9e75eff0e
suspect.pdf
Sales Invoice 519658.pdf
a9db78a2433c64fda1f749c9b6d4b87a
Sales Invoice 519658.pdf
Sales Invoice 519658.pdf
sales_invoice.pdf
attachment(1).pdf
sales invoice519658.pdf
Sales Invoice 519658-1.pdf
5d3b0be5e02dd6cb30a7a8de62b4f2dd
3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720.bin
SalesXInvoiceX519658.pdf
sales invoice.pdf
6eb214656c0f29d54badfe6d56271cbd
Sales Invoice 519658.pdf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
