× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d4b01615c209e55e6df1710c3a6e753c1622828715caf90e33879d1629a16577
File name: oink.pdf
Detection ratio: 11 / 41
Analysis date: 2012-06-26 01:35:23 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AntiVir EXP/Pidief.DAB.1 20120626
Avast JS:Pdfka-gen [Expl] 20120625
BitDefender PDF:Exploit.PDF-JS.GB 20120626
Comodo TestSignature.JS.Pdfka.FBQ 20120626
Emsisoft Exploit.PDF!IK 20120626
F-Secure PDF:Exploit.PDF-JS.GB 20120625
GData PDF:Exploit.PDF-JS.GB 20120626
Ikarus Exploit.PDF 20120626
Kaspersky Exploit.JS.Pdfka.fvc 20120626
nProtect PDF:Exploit.PDF-JS.GB 20120626
Sophos AV Troj/PDFJs-VE 20120626
AhnLab-V3 20120625
Antiy-AVL 20120626
AVG 20120625
ByteHero 20120613
CAT-QuickHeal 20120625
ClamAV 20120625
Commtouch 20120626
DrWeb 20120626
eSafe 20120624
F-Prot 20120626
Fortinet 20120626
Jiangmin 20120625
K7AntiVirus 20120625
McAfee 20120626
Microsoft 20120625
NOD32 20120625
Norman 20120625
Panda 20120625
PCTools 20120626
Rising 20120621
SUPERAntiSpyware 20120624
Symantec 20120626
TheHacker 20120625
TotalDefense 20120625
TrendMicro 20120626
TrendMicro-HouseCall 20120625
VBA32 20120625
VIPRE 20120625
ViRobot 20120625
VirusBuster 20120625
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.6.
PDFiD information
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has an invalid cross reference table.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document contains 2 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects.
This PDF document has 2 pages, please note that most malicious PDFs have only one page.
This PDF document has 32 object start declarations and 32 object end declarations.
This PDF document has 15 stream object start declarations and 15 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

FileType
PDF

Warning
Invalid xref table

PDFVersion
1.6

Linearized
No

File identification
MD5 34afb1b1ad31c6cd76411599c1bd422a
SHA1 812f0bd67451359e2b98b7318a8c7218d90e69c5
SHA256 d4b01615c209e55e6df1710c3a6e753c1622828715caf90e33879d1629a16577
ssdeep
768:CiZ70cDGAlc64V3IcdqfjEYjkJGcgbOi3hsUXsf8esJa8d6sOgIx5G:CcqPV5dqfjEYjkJGcgSahFXskA8d6XTO

File size 40.4 KB ( 41348 bytes )
File type PDF
Magic literal
PDF document, version 1.6

TrID Adobe Portable Document Format (100.0%)
VirusTotal metadata
First submission 2012-06-26 01:19:52 UTC ( 6 years, 8 months ago )
Last submission 2012-06-26 01:35:23 UTC ( 6 years, 8 months ago )
File names oink.pdf
98765.pdf
ExifTool file metadata
MIMEType
application/pdf

FileType
PDF

Warning
Invalid xref table

PDFVersion
1.6

Linearized
No

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!