SHA256: 81e2795480447486fa8dc31890ca1129a2e6df4bfb66ba36463cdbf11d8af595
File name: 2909223.pdf.pdf
Detection ratio: 41 / 61
Analysis date: 2018-04-30 17:31:20 UTC
Antivirus Result Update
Ad-Aware W97M.Downloader.FUG 20180430
AegisLab Troj.Downloader.Vbs.Agent!c 20180430
AhnLab-V3 PDF/Expod.Gen 20180430
ALYac Trojan.JS.Agent.PZT 20180430
Antiy-AVL Trojan[Downloader]/MSWord.Agent.bim 20180429
Arcabit W97M.Downloader.FUG 20180430
Avast VBA:Downloader-FFL [Trj] 20180430
AVG VBA:Downloader-FFL [Trj] 20180430
Avira (no cloud) W2000M/Agent.4582217 20180430
Baidu VBA.Trojan-Downloader.Agent.cnw 20180428
BitDefender W97M.Downloader.FUG 20180430
CAT-QuickHeal O97M.Downloader.AJK 20180430
ClamAV Doc.Downloader.Jaff-6329915-0 20180430
Comodo UnclassifiedMalware 20180430
Cyren PP97M/Donoff 20180430
DrWeb W97M.DownLoader.1744 20180430
Emsisoft W97M.Downloader.FUG (B) 20180430
ESET-NOD32 PDF/TrojanDropper.Agent.X 20180430
F-Prot New or modified PP97M/Donoff 20180430
F-Secure Trojan-Dropper:JS/PdfDropper.A 20180430
Fortinet WM/Agent.C306!tr 20180430
GData Macro.Trojan-Downloader.Agent.ZV 20180430
Ikarus Trojan-Dropper.PDF.Agent 20180430
Kaspersky Trojan-Downloader.VBS.Agent.cjb 20180430
MAX malware (ai score=85) 20180430
McAfee Exploit-FXN!B24B2C872E0C 20180430
McAfee-GW-Edition BehavesLike.PDF.Evasion.qb 20180425
Microsoft TrojanDropper:JS/Nemucod 20180430
eScan W97M.Downloader.FUG 20180430
NANO-Antivirus Trojan.Script.Agent.epysdx 20180430
Panda O97M/Downloader 20180430
Qihoo-360 virus.office.obfuscated.1 20180430
Rising Heur.Macro.Downloader.d (KTSE) 20180430
Sophos AV Troj/DocDl-IZH 20180430
Symantec Trojan.Pidief 20180430
Tencent OLE.Win32.Macro.703747 20180430
TrendMicro PDF_DLOADR.NLF 20180430
TrendMicro-HouseCall PDF_DLOADR.NLF 20180430
ViRobot PDF.S.Agent.51851 20180430
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180430
Zoner Probably PDFEmbed 20180429
Alibaba 20180428
Avast-Mobile 20180430
AVware 20180428
Babable 20180406
Bkav 20180426
CMC 20180430
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180430
eGambit 20180430
Endgame 20180402
Sophos ML 20180120
Jiangmin 20180430
K7AntiVirus 20180430
K7GW 20180430
Kingsoft 20180430
Malwarebytes 20180430
nProtect 20180430
Palo Alto Networks (Known Signatures) 20180430
SentinelOne (Static ML) 20180225
SUPERAntiSpyware 20180430
Symantec Mobile Insight 20180429
TheHacker 20180430
TotalDefense 20180430
Trustlook 20180430
VBA32 20180428
VIPRE 20180430
Webroot 20180430
Yandex 20180428
Zillya 20180430
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
ModifyDate: 2017:05:16 11:51:05+03:00
Producer: iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)
PageCount: 1
FileType: PDF
Creator: 7518040
Linearized: No
FileTypeExtension: pdf
PDFVersion: 1.4
CreateDate: 2017:05:16 11:51:05+03:00
Compressed bundles
File identification
MD5 b24b2c872e0cc3c3922376714693826e
SHA1 a8fbc2424e5b2a606c7c00e92169b2f4a5e6db15
SHA256 81e2795480447486fa8dc31890ca1129a2e6df4bfb66ba36463cdbf11d8af595
ssdeep 768:fJOCpbWn+UsIdDBFuYP7U7xdL1G1p3opSJSdO9PPwm6IcGJgV8h7FhfjTrw:bpbPPIdDBt4D1yjPPwmXc6gCxNw
File size 50.6 KB ( 51851 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags pdf autoaction file-embedded attachment js-embedded
VirusTotal metadata
First submission 2017-05-16 09:39:14 UTC
Last submission 2018-04-30 17:31:20 UTC
File names 2909223.pdf.pdf