| SHA256: | 452314287db72468f6bcd06089cd5ed832d912f0272795133c58949240edac08 |
| File name: | weevappellatebrief.pdf |
| Detection ratio: | 25 / 47 |
| Analysis date: | 2013-10-26 04:00:09 UTC ( 4 years, 10 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Yandex | Trojan.Rosena.Gen.1 | 20131025 |
| AhnLab-V3 | Trojan/Win32.Shell | 20131025 |
| Avast | Win32:SwPatch [Wrm] | 20131026 |
| AVG | Exploit.PDF | 20131025 |
| Bkav | W32.PdfLaunch.Trojan | 20131025 |
| ClamAV | Suspect.PDF.EmbeddedExecutable-2 | 20131025 |
| Commtouch | PDF/Autorun.A!Camelot | 20131026 |
| DrWeb | SCRIPT.Virus | 20131026 |
| Emsisoft | Exploit.PDF-Dropper.Gen (B) | 20131026 |
| ESET-NOD32 | PDF/Exploit.Pidief.PFW | 20131026 |
| F-Prot | W32/Swrort.A.gen!Eldorado | 20131026 |
| F-Secure | Exploit.PDF-Dropper.Gen | 20131026 |
| Fortinet | W32/Swrort.C!tr | 20131026 |
| GData | Exploit.PDF-Dropper.Gen | 20131026 |
| Ikarus | possible-Threat.PDF.Acmd | 20131025 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20131026 |
| Microsoft | Trojan:Win32/Swrort.A | 20131026 |
| eScan | Exploit.PDF-Dropper.Gen | 20131025 |
| NANO-Antivirus | Trojan.Win32.Swrort.uhpfc | 20131026 |
| nProtect | Exploit.PDF-Dropper.Gen | 20131025 |
| Sophos AV | Mal/EncPk-ACE | 20131026 |
| Symantec | Packed.Generic.347 | 20131026 |
| TrendMicro | HEUR_PDFEXP.D | 20131026 |
| TrendMicro-HouseCall | TROJ_SWRORT.SME | 20131026 |
| VIPRE | Trojan.Win32.Swrort.B (v) | 20131026 |
| AntiVir | 20131025 | |
| Antiy-AVL | 20131025 | |
| Baidu-International | 20131025 | |
| BitDefender | 20090218 | |
| ByteHero | 20131025 | |
| CAT-QuickHeal | 20131023 | |
| Comodo | 20131026 | |
| Jiangmin | 20131025 | |
| K7AntiVirus | 20131025 | |
| K7GW | 20131025 | |
| Kingsoft | 20130829 | |
| Malwarebytes | 20131026 | |
| McAfee | 20131026 | |
| McAfee-GW-Edition | 20131026 | |
| Norman | 20131025 | |
| Panda | 20131025 | |
| Rising | 20131025 | |
| SUPERAntiSpyware | 20131025 | |
| TheHacker | 20131025 | |
| TotalDefense | 20131025 | |
| VBA32 | 20131025 | |
| ViRobot | 20131026 |
The file being studied is a PDF document!
The document's header reveals it is using the following file format
specification: %PDF-1.4.
PDFiD information
This PDF file contains
2
JavaScript blocks.
Malicious PDF documents often contain JavaScript to exploit JavaScript
vulnerabilities and/or to execute heap sprays. Please note you can also find
JavaScript in PDFs without malicious intent.
This PDF file contains an open
action to be performed when the document is viewed. Malicious PDF documents
with JavaScript very often use open actions to launch the JavaScript without
user interaction.
This PDF file contains an
automatic action to be performed when a given page of the
document is viewed. Malicious PDF documents with JavaScript very often use an
automatic action to launch the JavaScript without user interaction.
The combination of automatic
actions and JavaScript makes this PDF document
suspicious.
This PDF document contains
1 launch action.
A Launch action is intended to be used to run an application or to open or
print a document. This feature could also be used to run an executable
embedded within the PDF file.
This PDF document
has 68 pages,
please note that most malicious PDFs have only one page.
This PDF document
has 384 object start declarations and
384 object end declarations.
This PDF document
has 213 stream object start declarations
and 213 stream object end
declarations.
This PDF document has a cross
reference table (xref).
This PDF document has a pointer
to the cross reference table (startxref).
This PDF document has a
trailer dictionary containing entries allowing the cross reference table,
and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf
ModifyDate
2013:10:25 20:56:06-04:00
Producer
Mac OS X 10.7.5 Quartz PDFContext; modified using iText 2.1.7 by 1T3XT
Creator
Word
FileType
PDF
Author
Stephanie Shattuck
Linearized
No
PageCount
67
Title
Auernheimer Reply Brief Final
PDFVersion
1.4
CreateDate
2013:10:26 00:46:18Z
File identification
MD5 5238f995c121635b2cf3af1ceca60c10
SHA1 854a8e715aad105c33ba05c7d3e439571ca7dd2d
SHA256 452314287db72468f6bcd06089cd5ed832d912f0272795133c58949240edac08
ssdeep
6144:bADU6vL22p4dSr2rzIOVOed6tjJrNscJTnbWz3tmH75TDgyJrLi4uFRnZpQuyumF:X6xs224wOV1JrOcJLbWTtC3uRZpQurmF
File size
543.5 KB ( 556559 bytes )
File type PDF
Magic literal
PDF document, version 1.4
| TrID |
Adobe Portable Document Format (100.0%) |
Tags
pdf
js-embedded
autoaction
launch-action
VirusTotal metadata
First submission
2013-10-26 04:00:09 UTC ( 4 years, 10 months ago )
Last submission
2013-11-06 17:14:59 UTC ( 4 years, 10 months ago )
| File names |
vti-rescan weevappellatebrief.pdf |
ExifTool file metadata
MIMEType
application/pdf
ModifyDate
2013:10:25 20:56:06-04:00
Producer
Mac OS X 10.7.5 Quartz PDFContext; modified using iText 2.1.7 by 1T3XT
Creator
Word
FileType
PDF
Author
Stephanie Shattuck
Linearized
No
PageCount
67
Title
Auernheimer Reply Brief Final
PDFVersion
1.4
CreateDate
2013:10:26 00:46:18Z
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!