SHA256: 4b406ab07f2ab43c9eec16475aee4ad3010446709f4ceea74353b76cbbdc36fe
File name: Netcat backdoor and NTLMv2 hash.pdf
Detection ratio: 0 / 56
Analysis date: 2015-09-03 13:01:53 UTC ( 3 years, 7 months ago )
Antivirus Result Update
Ad-Aware 20150903
AegisLab 20150903
Yandex 20150901
AhnLab-V3 20150903
Alibaba 20150902
ALYac 20150903
Antiy-AVL 20150903
Arcabit 20150903
Avast 20150903
AVG 20150903
Avira (no cloud) 20150903
AVware 20150901
Baidu-International 20150903
BitDefender 20150903
Bkav 20150903
ByteHero 20150903
CAT-QuickHeal 20150903
ClamAV 20150903
CMC 20150902
Comodo 20150903
Cyren 20150903
DrWeb 20150903
Emsisoft 20150903
ESET-NOD32 20150903
F-Prot 20150903
F-Secure 20150903
Fortinet 20150903
GData 20150903
Ikarus 20150903
Jiangmin 20150902
K7AntiVirus 20150903
K7GW 20150903
Kaspersky 20150903
Kingsoft 20150903
Malwarebytes 20150903
McAfee 20150903
McAfee-GW-Edition 20150903
Microsoft 20150903
eScan 20150903
NANO-Antivirus 20150903
nProtect 20150903
Panda 20150903
Qihoo-360 20150903
Rising 20150902
Sophos AV 20150903
SUPERAntiSpyware 20150903
Symantec 20150902
Tencent 20150903
TheHacker 20150903
TrendMicro 20150903
TrendMicro-HouseCall 20150903
VBA32 20150903
VIPRE 20150903
ViRobot 20150903
Zillya 20150903
Zoner 20150903
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.5.
PDFiD information
This PDF file contains 1 JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF document contains 4 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects.
This PDF document has 33 pages, please note that most malicious PDFs have only one page.
This PDF document has 1380 object start declarations and 1379 object end declarations.
This PDF document has 1335 stream object start declarations and 1335 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
ModifyDate: 2015:08:23 14:37:25
Producer: Microsoft Office Word 2007
Language: nl-BE
Creator: Microsoft Office Word 2007
FileType: PDF
Author: root
Linearized: No
FileTypeExtension: pdf
PageCount: 33
PDFVersion: 1.5
CreateDate: 2015:08:23 14:37:25
TaggedPDF: Yes

File identification
MD5 eac491ebb1476b22c4aeb1437abe1535
SHA1 d00b955c4b1367035fc2ec1cbbcb9ed7ea4a7b81
SHA256 4b406ab07f2ab43c9eec16475aee4ad3010446709f4ceea74353b76cbbdc36fe
ssdeep 49152:d0qvd238DKW4gAM3Ptw7cnddoNINu0tIdYK1OyH/1IB6bKjf6pNHvdeQ:d0qvd2+nBn327cdIKuxY6/1DbKmNPEQ
File size 3.3 MB ( 3450352 bytes )
File type PDF
Magic literal PDF document, version 1.5
TrID Adobe Portable Document Format (100.0%)
Tags pdf

VirusTotal metadata
First submission 2015-09-03 13:01:53 UTC ( 3 years, 7 months ago )
Last submission 2016-10-29 17:33:18 UTC ( 2 years, 5 months ago )
File names Netcat backdoor and NTLMv2 hash.pdf
Netcat%20backdoor%20and%20NTLMv2%20hash.pdf