× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e0be674422a6579361b0724da99eee4c9b33e137239a7268c530f1afea0c1b3d
File name: TLfeaOwS.pdf
Detection ratio: 15 / 46
Analysis date: 2013-04-25 07:19:51 UTC ( 4 years, 7 months ago )
Antivirus Result Update
AntiVir EXP/Pidief.ehk 20130425
Avast JS:Pdfka-gen [Expl] 20130425
BitDefender PDF:Exploit.PDF-JS.ZF 20130425
DrWeb SCRIPT.Virus 20130425
Emsisoft PDF:Exploit.PDF-JS.ZF (B) 20130425
F-Secure Exploit:W32/CVE-2010-0188.C 20130425
GData PDF:Exploit.PDF-JS.ZF 20130425
Kaspersky UDS:DangerousObject.Multi.Generic 20130425
McAfee-GW-Edition Heuristic.BehavesLike.PDF.Exploit-CRT.I 20130425
eScan PDF:Exploit.PDF-JS.ZF 20130425
NANO-Antivirus Trojan.Script.Heuristic-pdf.gutwr 20130424
Norman CVE-2010-0188.DC 20130424
nProtect PDF:Exploit.PDF-JS.ZF 20130425
Sophos AV Mal/PDFJs-AV 20130425
TrendMicro HEUR_PDFJS.STREM 20130425
Yandex 20130424
AhnLab-V3 20130424
Antiy-AVL 20130425
AVG 20130425
ByteHero 20130425
CAT-QuickHeal 20130425
ClamAV 20130425
Commtouch 20130425
Comodo 20130425
eSafe 20130423
ESET-NOD32 20130424
F-Prot 20130425
Fortinet 20130425
Ikarus 20130425
Jiangmin 20130425
K7AntiVirus 20130424
K7GW 20130424
Kingsoft 20130422
Malwarebytes 20130425
McAfee 20130425
Microsoft 20130425
Panda 20130424
PCTools 20130425
SUPERAntiSpyware 20130425
Symantec 20130425
TheHacker 20130424
TotalDefense 20130424
TrendMicro-HouseCall 20130425
VBA32 20130424
VIPRE 20130425
ViRobot 20130425
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.6.
PDFiD information
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has an invalid cross reference table.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 11 object start declarations and 11 object end declarations.
This PDF document has 1 stream object start declaration and 1 stream object end declaration.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

FileCreateDate
2013:04:25 08:19:36+01:00

FileType
PDF

Linearized
No

FileAccessDate
2013:04:25 08:19:36+01:00

Warning
Invalid xref table

PDFVersion
1.6

File identification
MD5 d7e3f582b39c64c6cb8a9d8b6bd9b7b1
SHA1 80267ca58de16775a1f25d413718db00fdc02ab0
SHA256 e0be674422a6579361b0724da99eee4c9b33e137239a7268c530f1afea0c1b3d
ssdeep
192:kcbZMNYdxoWjPojQih8Qa3nC9M5ZWslT2B+5hwX29N:VLdxoGHRZWsiBxX29N

File size 10.5 KB ( 10717 bytes )
File type PDF
Magic literal
PDF document, version 1.6

TrID Adobe Portable Document Format (100.0%)
Tags
exploit pdf invalid-xref acroform file-embedded cve-2010-0188

VirusTotal metadata
First submission 2013-04-25 07:19:51 UTC ( 4 years, 7 months ago )
Last submission 2013-04-25 07:19:51 UTC ( 4 years, 7 months ago )
File names TLfeaOwS.pdf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

ExifTool file metadata
MIMEType
application/pdf

FileCreateDate
2013:04:25 08:19:36+01:00

FileType
PDF

Linearized
No

FileAccessDate
2013:04:25 08:19:36+01:00

Warning
Invalid xref table

PDFVersion
1.6

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!