× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720
File name: sales_invoice.pdf
Detection ratio: 41 / 56
Analysis date: 2017-04-25 10:50:54 UTC ( 4 days, 8 hours ago )
Antivirus Result Update
Ad-Aware W97M.Downloader.QB 20170425
AegisLab Troj.Downloader.Vbs.Agent!c 20170425
AhnLab-V3 PDF/Pidief 20170425
ALYac W97M.Downloader.QB 20170425
Antiy-AVL Trojan[Downloader]/VBS.Agent.amh 20170425
Arcabit W97M.Downloader.QB 20170425
Avast MO97:Downloader-TY [Trj] 20170425
AVG Script/PDF.Exploit.C 20170425
Avira (no cloud) PDF/Agent.23555 20170425
AVware Trojan.PDF.Generic.a (v) 20170425
Baidu VBA.Trojan-Downloader.Agent.do 20170424
BitDefender W97M.Downloader.QB 20170425
CAT-QuickHeal W97M.Dropper.EY 20170425
ClamAV Doc.Macro.Generic-5900096-0 20170425
Comodo UnclassifiedMalware 20170425
Cyren W97M/Downloader.CI 20170425
DrWeb W97M.DownLoader.326 20170425
Emsisoft W97M.Downloader.QB (B) 20170425
ESET-NOD32 VBA/TrojanDownloader.Agent.PC 20170425
F-Prot W97M/Downloader.CI 20170425
F-Secure W97M.Downloader.QB 20170425
Fortinet WM/Agent.PC!tr 20170425
GData W97M.Downloader.QB 20170425
Ikarus Trojan-Downloader.VBA.Agent 20170425
Kaspersky Trojan-Downloader.VBS.Agent.amh 20170425
McAfee Dropper-FNX!BFE397FB9B79 20170425
McAfee-GW-Edition BehavesLike.PDF.Suspicious.mb 20170425
Microsoft TrojanDownloader:W97M/Adnel.D 20170425
eScan W97M.Downloader.QB 20170425
NANO-Antivirus Trojan.Script.Agent.druync 20170425
Panda W97M/Downloader 20170424
Qihoo-360 virus.office.obfuscated.1 20170425
Rising Exploit.Generic!8.3E1 (cloud:S8LaMm0xhdT) 20170425
Sophos Troj/DocDl-MJ 20170425
Symantec Trojan.Pidief 20170425
Tencent Vbs.Trojan-downloader.Agent.Plkl 20170425
TrendMicro TROJ_PIDIEF.YYYC 20170425
TrendMicro-HouseCall TROJ_PIDIEF.YYYC 20170425
VIPRE Trojan.PDF.Generic.a (v) 20170425
ViRobot PDF.Z.Agent.23555[h] 20170425
ZoneAlarm by Check Point Trojan-Downloader.VBS.Agent.amh 20170425
Alibaba 20170425
Bkav 20170424
CMC 20170421
CrowdStrike Falcon (ML) 20170130
Endgame 20170419
Invincea 20170413
Jiangmin 20170425
K7AntiVirus 20170425
K7GW 20170425
Kingsoft 20170425
Malwarebytes 20170425
nProtect 20170425
Palo Alto Networks (Known Signatures) 20170425
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170425
Symantec Mobile Insight 20170424
TheHacker 20170424
Trustlook 20170425
VBA32 20170421
Webroot 20170425
WhiteArmor 20170409
Yandex 20170424
Zillya 20170424
Zoner 20170425
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 3 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 12 object start declarations and 12 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2015:04:24 09:14:08+03:00

Producer
iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2015:04:24 09:14:08+03:00

Compressed bundles
File identification
MD5 bfe397fb9b7907ab34ba83f0f086336d
SHA1 0372669d1fdff79778d947f33ee8c98bf1d3cc7a
SHA256 3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720
ssdeep
384:AIkYes7rVJwZJoFVlyBSjQXaF1EaJr8Tr2GobYyetQBv8T3zpuzFQMmsxVwE7LdA:Z6sPV6oFVhQXaFmaJ4TrtNDeeMmOVwwm

File size 23.0 KB ( 23555 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf file-embedded attachment js-embedded

VirusTotal metadata
First submission 2015-04-24 06:39:33 UTC ( 2 years ago )
Last submission 2017-04-25 10:50:54 UTC ( 4 days, 8 hours ago )
File names Colin Fox 240415 Sales Invoice 519658.pdf
sales invoice 519658.pdf
7c4c0a349bce2cc3bccef7239807014a
5e7d5cb9ec1c453d42a4046199d2abab
inf.Sales Invoice 519658.pdf
cb75e8b17d5567933e09e9a9c1c537d1
Sales Invoice 519658-1.pdf
3.pdf
bfe397fb9b7907ab34ba83f0f086336d.pdf
d878e1a416d2d01a857f18c9e75eff0e
suspect.pdf
Sales Invoice 519658.pdf
a9db78a2433c64fda1f749c9b6d4b87a
Sales Invoice 519658.pdf
Sales Invoice 519658.pdf
sales_invoice.pdf
attachment(1).pdf
Sales_Invoice_519658.pdf
5d3b0be5e02dd6cb30a7a8de62b4f2dd
3de96921a07553cf5ef25cab246480f04383d44cc921042e1462b7ffbe1fe720.bin
SalesXInvoiceX519658.pdf
6eb214656c0f29d54badfe6d56271cbd
Sales Invoice 519658.pdf
7e56e6bd210a95bb133fbcb3b023b45a
38178030999-107-0_attach.pdf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2015:04:24 09:14:08+03:00

Producer
iTextSharp 5.5.5 2000-2014 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2015:04:24 09:14:08+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!