× Les cookies sont désactivés ! Ce site exige que les cookies soient activés pour fonctionner correctement
SHA256: 2d6556f1f7896bb4b969cf778ba28618e7700e7ae928af49b9a6e869855bf5a4
Nom du fichier : CVE-2013-0640_PDF_F3B9663A01A73C5ECA9D6B2A0519049E_Visaform Turke...
Ratio de détection : 38 / 56
Date d'analyse : 2016-05-04 15:18:13 UTC (il y a 1 mois, 3 semaines)
Antivirus Résultat Mise à jour
ALYac PDF:Exploit.PDF-JS.VD 20160504
AVG JS/Obfuscated 20160504
AVware LooksLike.PDF.Malware.e (v) 20160504
Ad-Aware Exploit.PDF-JS.JU 20160504
AhnLab-V3 PDF/Exploit 20160504
Avast JS:CVE-2013-0640-A [Expl] 20160504
Avira (no cloud) EXP/Pidief.eed 20160504
Baidu JS.Exploit.Pdfka.aqm 20160504
BitDefender Exploit.PDF-JS.JU 20160504
CAT-QuickHeal Exp.PDF.CVE-2013-0641.B 20160504
Comodo UnclassifiedMalware 20160504
Cyren CVE130640 20160504
DrWeb PDF.Obfuscated.9 20160504
ESET-NOD32 JS/Exploit.Pdfka.QCV 20160504
Emsisoft Exploit.PDF-JS.JU (B) 20160503
F-Prot CVE130640 20160504
F-Secure Exploit:W32/Pidief.DHK 20160504
Fortinet JS/Pdfka.GIW!exploit 20160504
GData Exploit.PDF-JS.JU 20160504
Ikarus Exploit.PDF.Miniduke 20160504
Jiangmin Exploit.CVE-2013-0641.a 20160504
K7AntiVirus Trojan ( 003fa8561 ) 20160504
K7GW Trojan ( 003fa8561 ) 20160504
Kaspersky Exploit.JS.Pdfka.giw 20160504
McAfee Exploit-PDF.cy 20160504
McAfee-GW-Edition BehavesLike.PDF.Trojan.cg 20160504
eScan Exploit.PDF-JS.JU 20160504
Microsoft Exploit:Win32/SandyEva 20160504
NANO-Antivirus Exploit.Script.Pdfka.degbmm 20160504
Panda Trj/OCJ.D 20160504
Qihoo-360 virus.js.unescapepmen.4 20160504
Sophos Troj/PDFJs-ADR 20160504
Symantec Trojan.Pidief 20160504
Tencent Pdf.Exploit.Pdfka.Ednl 20160504
TrendMicro-HouseCall TROJ_PIDIEF.KGM 20160504
VIPRE LooksLike.PDF.Malware.e (v) 20160504
ViRobot PDF.S.CVE-2013-0640.828744[h] 20160504
nProtect Trojan-Exploit/W32.Pidief.828744.JWG 20160504
AegisLab 20160504
Alibaba 20160504
Antiy-AVL 20160504
Arcabit 20160504
Baidu-International 20160504
CMC 20160504
ClamAV 20160503
Kingsoft 20160504
Malwarebytes 20160504
Rising 20160504
SUPERAntiSpyware 20160504
TheHacker 20160503
TotalDefense 20160504
TrendMicro 20160505
VBA32 20160504
Yandex 20160502
Zillya 20160504
Zoner 20160504
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.7.
PDFiD information
This PDF file contains 2 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 8 object start declarations and 8 object end declarations.
This PDF document has 2 stream object start declarations and 2 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

FormUsageRights
Create, Delete, FillIn, Import, Export, SubmitStandAlone, SpawnTemplate, BarcodePlaintext, Online

DocumentUsageRights
FullSave

ModificationPermissions
Restrict all applications to reader permissions

FileType
PDF

PageCount
1

AnnotationUsageRights
Create, Delete, Modify, Copy, Import, Export, Online, SummaryView

SigningDate
2013:02:04 14:36:38Z

Linearized
No

SignatureUsageRights
Modify

EmbeddedFileUsageRights
Create, Delete, Modify, Import

FileTypeExtension
pdf

SigningAuthority
ARE Acrobat Product v8.0 P23 0002337

PDFVersion
1.7

HasXFA
Yes

File identification
MD5 f3b9663a01a73c5eca9d6b2a0519049e
SHA1 d7579cc146fb3fe215a83bf36cefbeef96990a91
SHA256 2d6556f1f7896bb4b969cf778ba28618e7700e7ae928af49b9a6e869855bf5a4
ssdeep
12288:7F1Gbzb4dCHXn+2vOC3GrsuQAKSWKqV6ooeAvf0SHzAgWvW+dVtratsU0gNS6kqe:kUmMkKC7daiU0UsVaScxBamO

File size 809.3 KB ( 828744 bytes )
File type PDF
Magic literal
PDF document, version 1.7

TrID Adobe Portable Document Format (100.0%)
Tags
js-embedded exploit autoaction pdf acroform cve-2013-0641 cve-2013-0640

VirusTotal metadata
First submission 2013-02-11 09:35:38 UTC (il y a 3 ans, 4 mois)
Last submission 2015-12-17 02:03:10 UTC (il y a 6 mois, 1 semaine)
Noms du fichier Visaform Turkey.pdf
CVE-2013-0640_PDF_F3B9663A01A73C5ECA9D6B2A0519049E_Visaform Turkey.pdf_
CVE-2013-0640_PDF_F3B9663A01A73C5ECA9D6B2A0519049E_Visaform Turkey.pdf_
f3b9663a01a73c5eca9d6b2a0519049e.pdf
189.pdf
virus.pdf
CVE-2013-0640_PDF_F3B9663A01A73C5ECA9D6B2A0519049E_Visaform Turkey.pdf_-305753-1376710687-tmp
CVE-2013-0640_PDF_F3B9663A01A73C5ECA9D6B2A0519049E_Visaform Turkey.pdf
f3b9663a01a73c5eca9d6b2a0519049e
2d6556f1f7896bb4b969cf778ba28618e7700e7ae928af49b9a6e869855bf5a4.pdf_
1.pdf
vti-rescan
2d6556f1f7896bb4b969cf778ba28618e7700e7ae928af49b9a6e869855bf5a4.pdf
2d6556f1f7896bb4b969cf778ba28618e7700e7ae928af49b9a6e869855bf5a4
ExifTool file metadata
MIMEType
application/pdf

FormUsageRights
Create, Delete, FillIn, Import, Export, SubmitStandAlone, SpawnTemplate, BarcodePlaintext, Online

DocumentUsageRights
FullSave

ModificationPermissions
Restrict all applications to reader permissions

FileType
PDF

PageCount
1

AnnotationUsageRights
Create, Delete, Modify, Copy, Import, Export, Online, SummaryView

SigningDate
2013:02:04 14:36:38Z

Linearized
No

SignatureUsageRights
Modify

EmbeddedFileUsageRights
Create, Delete, Modify, Import

FileTypeExtension
pdf

SigningAuthority
ARE Acrobat Product v8.0 P23 0002337

PDFVersion
1.7

HasXFA
Yes

Aucun commentaire. Aucun membre de la communauté VirusTotal n'a encore commenté cet élément, soyez le premier à le faire !

Laissez votre commentaire...

?
Poster un commentaire

Vous n'êtes pas connecté. Seuls les utilisateurs enregistrés peuvent laisser des commentaires, connectez-vous pour commenter !

Aucun vote. Personne n'a encore voté pour cet élément, soyez le premier à le faire !