SHA256: e95ada7eaa47b78e069cd2b78560d4e85b5ddfd27278234d9d38e6015a8734a8
File name: 20170512269031.pdf
Detection ratio: 40 / 60
Analysis date: 2018-08-07 00:41:41 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5055898 20180807
AegisLab Trojan.PDF.Generic.4!c 20180806
AhnLab-V3 PDF/Expod.Gen 20180806
ALYac Trojan.PDF.Downloader.U 20180807
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20180807
Arcabit Trojan.Generic.D4D259A 20180806
Avast VBA:Downloader-FFL [Trj] 20180806
AVG VBA:Downloader-FFL [Trj] 20180806
Avira (no cloud) W2000M/Agent.0446414 20180807
Baidu VBA.Trojan-Downloader.Agent.blg 20180806
BitDefender Trojan.GenericKD.5055898 20180806
CAT-QuickHeal O97M.Downloader.AJK 20180806
ClamAV Doc.Downloader.Jaff-6316585-1 20180806
Comodo TrojWare.Win32.TrojanDropper.Agent.~S 20180806
Cyren PP97M/Downldr 20180807
DrWeb W97M.DownLoader.1740 20180806
Emsisoft Trojan.GenericKD.5055898 (B) 20180807
ESET-NOD32 PDF/TrojanDropper.Agent.S 20180806
F-Prot New or modified PP97M/Downldr 20180806
F-Secure Trojan-Dropper:JS/PdfDropper.A 20180807
Fortinet WM/Agent.DECE!tr 20180806
GData Trojan.PDF.Downloader.U (2x) 20180806
Kaspersky HEUR:Trojan.Script.Agent.gen 20180807
MAX malware (ai score=99) 20180807
McAfee Exploit-FXN!8723896B67BA 20180806
McAfee-GW-Edition BehavesLike.PDF.Evasion.kb 20180806
Microsoft TrojanDownloader:JS/Nemucod 20180806
eScan Trojan.GenericKD.5055898 20180807
NANO-Antivirus Trojan.Script.Agent.esamjt 20180806
Panda Generic Malware 20180806
Qihoo-360 virus.office.obfuscated.1 20180807
Rising Malware.PDF/Gen(99%) (AI) 20180806
Sophos AV Troj/DocDl-IYO 20180807
Symantec Trojan.Pidief 20180806
Tencent OLE.Win32.Macro.703738 20180807
TrendMicro W2KM_CRYPJAFF.A 20180807
TrendMicro-HouseCall W2KM_CRYPJAFF.A 20180807
VBA32 Trojan-Downloader.VBA.Agent.bae 20180806
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20180807
Zoner Probably PDFEmbed 20180806
Alibaba 20180713
Avast-Mobile 20180806
AVware 20180727
Babable 20180725
Bkav 20180806
CMC 20180806
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180807
eGambit 20180807
Endgame 20180730
Sophos ML 20180717
Jiangmin 20180807
K7AntiVirus 20180806
K7GW 20180807
Kingsoft 20180807
Malwarebytes 20180807
SentinelOne (Static ML) 20180701
SUPERAntiSpyware 20180806
Symantec Mobile Insight 20180801
TACHYON 20180806
TheHacker 20180805
TotalDefense 20180806
Trustlook 20180807
VIPRE 20180806
ViRobot 20180806
Webroot 20180807
Yandex 20180805
Zillya 20180806
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables on the machine viewing the PDF.
This PDF document has 1 page. Please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:11 23:52:43+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
1092828

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:11 23:52:43+03:00

File identification
MD5 8723896b67bad4423ff1173bebd52e13
SHA1 ad5a7ce143416b07d879e80f632e810dcd308047
SHA256 e95ada7eaa47b78e069cd2b78560d4e85b5ddfd27278234d9d38e6015a8734a8
ssdeep
1536:ZVnEKZfu4mdLo2XMrFjBFAmvhBn91uvpuIEROW8+nsUd:ZBEKZfu4ILo22FAQrwGROW8hUd

File size 65.6 KB ( 67158 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
attachment pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2017-05-11 23:26:42 UTC ( 2 years ago )
Last submission 2018-05-05 10:31:19 UTC ( 1 year ago )
File names 20170512361479.pdf
20170511663821.pdf
20170512269031.pdf
20170512811247.pdf
20170512162190.pdf
20170511162949.pdf
_20170512644190.pdf
20170512361479.pdf
80c8bfc557f9ae13b90ec2c119837514c01b41d1