× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 86a96ec03ba8242c1486456d67ee17f919128754846dbb3bdf5e836059091dba
File name: pdf-doc-vba-eicar-dropper.pdf
Detection ratio: 1 / 55
Analysis date: 2015-08-28 08:32:21 UTC ( 2 years, 3 months ago ) View latest
Antivirus Result Update
McAfee-GW-Edition BehavesLike.PDF.Trojan.lb 20150828
Ad-Aware 20150828
AegisLab 20150828
Yandex 20150827
AhnLab-V3 20150828
Alibaba 20150828
ALYac 20150828
Antiy-AVL 20150828
Arcabit 20150828
Avast 20150828
AVG 20150828
AVware 20150828
Baidu-International 20150827
BitDefender 20150828
Bkav 20150826
ByteHero 20150828
CAT-QuickHeal 20150828
ClamAV 20150828
CMC 20150827
Comodo 20150828
Cyren 20150828
DrWeb 20150828
Emsisoft 20150828
ESET-NOD32 20150828
F-Prot 20150828
F-Secure 20150828
Fortinet 20150828
GData 20150828
Ikarus 20150828
Jiangmin 20150827
K7AntiVirus 20150828
K7GW 20150828
Kaspersky 20150828
Kingsoft 20150828
Malwarebytes 20150828
McAfee 20150828
Microsoft 20150827
eScan 20150828
NANO-Antivirus 20150828
nProtect 20150827
Panda 20150828
Qihoo-360 20150828
Rising 20150826
Sophos AV 20150828
SUPERAntiSpyware 20150826
Symantec 20150827
Tencent 20150828
TheHacker 20150828
TrendMicro 20150828
TrendMicro-HouseCall 20150828
VBA32 20150828
VIPRE 20150828
ViRobot 20150828
Zillya 20150827
Zoner 20150828
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.1.
PDFiD information
This PDF file contains 2 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 9 object start declarations and 9 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.1

File identification
MD5 a1ddc9ebe19a3d43ec25889085ad3ed8
SHA1 0fa681a24df1b6ee6960bf1098af9689cfb8a576
SHA256 86a96ec03ba8242c1486456d67ee17f919128754846dbb3bdf5e836059091dba
ssdeep
192:Sz28VsBAg8oTiyKWHMZGiIdTgPCmLeJdcDqYgap9TmzpZcP9GQ3YV91Q:u28VsBAai6MsdTgPti8Hp9epZcP9HYV8

File size 10.1 KB ( 10381 bytes )
File type PDF
Magic literal
PDF document, version 1.1

TrID Adobe Portable Document Format (100.0%)
Tags
pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2015-08-28 08:32:21 UTC ( 2 years, 3 months ago )
Last submission 2017-12-05 10:04:21 UTC ( 6 days, 5 hours ago )
File names manual.pdf
eicar_posetive.pdf
pdf-doc-vba-eicar-dropper.pdf
598279_brochure.pdf
malware.pdf
84784031.pdf
CONTENTS
598279_manual.pdf
pdf-doc-vba-eicar-dropper.pdf
pandapdf.pdf
CV-virus-included.pdf
86a96ec03ba8242c1486456d67ee17f919128754846dbb3bdf5e836059091dba.pdf
86a96ec03ba8242c1486456d67ee17f919128754846dbb3bdf5e836059091dba.bin
eicar.pdf
0fa681a24df1b6ee6960bf1098af9689cfb8a576
pdfdocvbaeicardropper.pdf
exte_12.pdf
TTS.pdf
EICAR.pdf
sitrep_city1_maltest.pdf
pdf-doc-eicar.pdf
519.pdf
683pdf
598279_brochure.pdf
pdf-doc-vba-eicar-dropper.pdf
ExifTool file metadata
MIMEType
application/pdf

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.1

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!