SHA256: d0375fb2448e91b47b97f3fb132a6eafd04974da5496c55adb2bdb310e9f5ea3
File name: CVE-2013-0640_PDF_2A42BF17393C3CAAA663A6D1DADE9C93_Mandiant.pdf_
Detection ratio: 44 / 57
Analysis date: 2017-07-02 20:49:14 UTC ( 2 weeks, 3 days ago )
Antivirus Result Update
Ad-Aware Exploit.PDF-JS.JU 20170702
AegisLab Exploit.Js.Pdfka!c 20170702
AhnLab-V3 PDF/Exploit 20170702
ALYac PDF:Exploit.PDF-JS.VD 20170702
Antiy-AVL Trojan/Win32.TGeneric 20170630
Arcabit Exploit.PDF-JS.JU 20170702
Avast JS:CVE-2013-0640-A [Expl] 20170702
AVG JS:CVE-2013-0640-A [Expl] 20170702
Avira (no cloud) EXP/Pidief.eed 20170702
AVware LooksLike.PDF.Malware.e (v) 20170702
Baidu JS.Exploit.Pdfka.aqm 20170630
BitDefender Exploit.PDF-JS.JU 20170702
CAT-QuickHeal Exp.PDF.CVE-2013-0641.B 20170701
ClamAV Pdf.Dropper.Agent-1469181 20170702
Comodo UnclassifiedMalware 20170702
Cyren CVE130640 20170702
DrWeb PDF.Obfuscated.9 20170702
Emsisoft Exploit.PDF-JS.JU (B) 20170702
ESET-NOD32 JS/Exploit.Pdfka.QCV 20170702
F-Prot CVE130640 20170702
F-Secure Exploit.PDF-JS.JU 20170702
Fortinet JS/Pdfka.GIW!exploit 20170629
GData Exploit.PDF-JS.JU 20170702
Ikarus Exploit.PDF.Miniduke 20170702
Jiangmin Exploit.CVE-2013-0641.a 20170702
K7AntiVirus Trojan ( 0001140e1 ) 20170702
K7GW Trojan ( 0001140e1 ) 20170702
Kaspersky Exploit.JS.Pdfka.giw 20170702
McAfee Exploit-PDF 20170702
McAfee-GW-Edition BehavesLike.PDF.Trojan.cr 20170702
Microsoft Exploit:Win32/SandyEva 20170702
eScan Exploit.PDF-JS.JU 20170702
NANO-Antivirus Exploit.Script.Pdfka.degbmm 20170702
nProtect Trojan-Exploit/W32.Pidief.828744.JWI 20170702
Qihoo-360 virus.js.unescapepmen.4 20170702
Rising Exploit.CVE-2013-0641 !8.2E20 (cloud:vt6NRZKdK5I) 20170702
Sophos AV Troj/PDFJs-ADR 20170702
Symantec Trojan.Pidief 20170701
Tencent Pdf.Exploit.Pdfka.Hrfe 20170702
TrendMicro TROJ_PIDIEF.EVF 20170702
TrendMicro-HouseCall TROJ_PIDIEF.EVF 20170702
VIPRE LooksLike.PDF.Malware.e (v) 20170702
ViRobot PDF.S.Exploit.828744 20170702
ZoneAlarm by Check Point Exploit.JS.Pdfka.giw 20170702
Alibaba 20170702
Bkav 20170701
CMC 20170701
CrowdStrike Falcon (ML) 20170420
Endgame 20170629
Sophos ML 20170607
Kingsoft 20170702
Malwarebytes 20170702
Palo Alto Networks (Known Signatures) 20170702
Panda 20170702
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170702
Symantec Mobile Insight 20170630
TheHacker 20170702
TotalDefense 20170702
Trustlook 20170702
VBA32 20170630
Webroot 20170702
WhiteArmor 20170627
Yandex 20170630
Zillya 20170701
Zoner 20170702
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.7.
PDFiD information
This PDF file contains 2 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains AcroForm objects. AcroForm objects can specify and launch scripts or actions, which is why they are often abused by attackers.
This PDF document has 1 page. Please note that most malicious PDFs have only one page.
This PDF document has 8 object start declarations and 8 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
FormUsageRights: Create, Delete, FillIn, Import, Export, SubmitStandAlone, SpawnTemplate, BarcodePlaintext, Online
DocumentUsageRights: FullSave
PageCount: 1
FileType: PDF
ModificationPermissions: Restrict all applications to reader permissions
AnnotationUsageRights: Create, Delete, Modify, Copy, Import, Export, Online, SummaryView
SignatureUsageRights: Modify
Linearized: No
SigningDate: 2013:02:04 14:36:38Z
EmbeddedFileUsageRights: Create, Delete, Modify, Import
FileTypeExtension: pdf
SigningAuthority: ARE Acrobat Product v8.0 P23 0002337
PDFVersion: 1.7
HasXFA: Yes

Compressed bundles
File identification
MD5 2a42bf17393c3caaa663a6d1dade9c93
SHA1 2ba830e82d2efa6109350c7fbf500b41bd71a0e9
SHA256 d0375fb2448e91b47b97f3fb132a6eafd04974da5496c55adb2bdb310e9f5ea3
ssdeep 12288:7F1Gbzb4dCHXn+2vOC3GrsuQAKSWKqV6ooeAvf0SHzAgWvW+dVtratsU0gNDq7aw:kUmMkKC7daiU0/UK
File size 809.3 KB ( 828744 bytes )
File type PDF
Magic literal PDF document, version 1.7
TrID Adobe Portable Document Format (100.0%)
Tags js-embedded exploit autoaction pdf acroform cve-2013-0641 cve-2013-0640

VirusTotal metadata
First submission 2013-02-21 04:22:04 UTC ( 4 years, 5 months ago )
Last submission 2017-06-14 09:19:18 UTC ( 1 month ago )
File names CVE-2013-0640_PDF_2A42BF17393C3CAAA663A6D1DADE9C93_Mandiant.pdf_
Mandiant.pdf
whoami.pdf
33.pdf
d0375fb2448e91b47b97f3fb132a6eafd04974da5496c55adb2bdb310e9f5ea3.bin
CVE-2013-0640_PDF_2A42BF17393C3CAAA663A6D1DADE9C93_Mandiant.pdf_-6954083-1376710687-tmp
2a42bf17393c3caaa663a6d1dade9c93.virus
02-CVE-2013-0640_PDF_2A42BF17393C3CAAA663A6D1DADE9C93_Mandiant.pdf
vti-rescan
CVE-2013-0640_PDF_2A42BF17393C3CAAA663A6D1DADE9C93_Mandiant.pdf
2a42bf17393c3caaa663a6d1dade9c93
sifa.pdf
2.pdf_