× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8dd6f28cf14bd82d2d74210c2632fc016dbdce996a137eaf0b81a776a73c8d05
File name: mathnavi-vol-4-ar.pdf
Detection ratio: 0 / 59
Analysis date: 2018-01-20 20:44:10 UTC ( 5 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180120
AegisLab 20180120
AhnLab-V3 20180120
Alibaba 20180120
ALYac 20180120
Antiy-AVL 20180120
Arcabit 20180120
Avast 20180120
Avast-Mobile 20180120
AVG 20180120
Avira (no cloud) 20180120
AVware 20180120
Baidu 20180118
BitDefender 20180120
Bkav 20180120
CAT-QuickHeal 20180120
ClamAV 20180120
CMC 20180116
Comodo 20180120
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180120
Cyren 20180120
DrWeb 20180120
eGambit 20180120
Emsisoft 20180120
Endgame 20171130
ESET-NOD32 20180120
F-Prot 20180120
Fortinet 20180120
GData 20180120
Ikarus 20180120
Sophos ML 20170914
Jiangmin 20180120
K7AntiVirus 20180120
K7GW 20180120
Kaspersky 20180120
Kingsoft 20180120
Malwarebytes 20180120
MAX 20180120
McAfee 20180120
McAfee-GW-Edition 20180120
Microsoft 20180120
eScan 20180120
NANO-Antivirus 20180120
nProtect 20180120
Palo Alto Networks (Known Signatures) 20180120
Panda 20180120
Qihoo-360 20180120
Rising 20180120
SentinelOne (Static ML) 20180115
Sophos AV 20180120
SUPERAntiSpyware 20180120
Symantec 20180120
Symantec Mobile Insight 20180119
Tencent 20180120
TheHacker 20180119
TotalDefense 20180118
TrendMicro 20180120
TrendMicro-HouseCall 20180120
Trustlook 20180120
VBA32 20180120
VIPRE 20180120
ViRobot 20180120
Webroot 20180120
Yandex 20180112
Zillya 20180119
ZoneAlarm by Check Point 20180120
Zoner 20180120
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.6.
PDFiD information
This PDF file contains 1 JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an automatic action to be performed when a given page of the document is viewed. Malicious PDF documents with JavaScript very often use an automatic action to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document contains 44 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects.
This PDF document uses JBIG2 compression. This is not necessarily and indication of a malicious PDF, but further investigation is recommended as it may reveal the presence of vulnerable filters.
This PDF document has 640 pages, please note that most malicious PDFs have only one page.
This PDF document has 2603 object start declarations and 2603 object end declarations.
This PDF document has 1961 stream object start declarations and 1961 stream object end declarations.
This PDF document has a pointer to the cross reference table (startxref).
ExifTool file metadata
MIMEType
application/pdf

XMPToolkit
Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26

ModifyDate
2012:06:20 05:26:18+04:30

CreatorTool
Adobe Acrobat 7.0

Producer
Adobe Acrobat 7.0 Image Conversion Plug-in

Format
application/pdf

InstanceID
uuid:d28b1894-396c-4ac4-97b4-bb04c07c38d3

FileType
PDF

PageCount
640

Linearized
Yes

FileTypeExtension
pdf

HasXFA
No

PDFVersion
1.6

CreateDate
2007:10:20 20:15:26+02:00

DocumentID
uuid:a0f59c33-be02-4d53-95f9-f8b5f38cfb3c

MetadataDate
2012:06:20 05:26:18+04:30

Compressed bundles
File identification
MD5 a35835fc805e7f43df2df469c7a4781a
SHA1 acf6929a3507cd9a49c5680b1499e1f33dad310d
SHA256 8dd6f28cf14bd82d2d74210c2632fc016dbdce996a137eaf0b81a776a73c8d05
ssdeep
393216:3CWBeEJ6+IKMoC+opESodf8XACRHOBC4Qtouk5Pa5VeTBJo:3CWxJjNoCdbCw4faBVIVeY

File size 13.1 MB ( 13697973 bytes )
File type PDF
Magic literal
PDF document, version 1.6

TrID Adobe Portable Document Format (62.5%)
Gerber format (37.5%)
Tags
pdf acroform autoaction

VirusTotal metadata
First submission 2015-07-23 10:50:06 UTC ( 2 years, 11 months ago )
Last submission 2018-01-20 20:44:10 UTC ( 5 months, 3 weeks ago )
File names mathnavi-vol-4-ar.pdf
ExifTool file metadata
MIMEType
application/pdf

XMPToolkit
Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26

ModifyDate
2012:06:20 05:26:18+04:30

CreatorTool
Adobe Acrobat 7.0

Producer
Adobe Acrobat 7.0 Image Conversion Plug-in

Format
application/pdf

InstanceID
uuid:d28b1894-396c-4ac4-97b4-bb04c07c38d3

FileType
PDF

PageCount
640

Linearized
Yes

FileTypeExtension
pdf

HasXFA
No

PDFVersion
1.6

CreateDate
2007:10:20 20:15:26+02:00

DocumentID
uuid:a0f59c33-be02-4d53-95f9-f8b5f38cfb3c

MetadataDate
2012:06:20 05:26:18+04:30

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!