× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0dbff8f2c4e689328f5f4e6d0416a21cd09fa903add3e1dc1751caa982cb44b1
File name: 001_3116.pdf
Detection ratio: 29 / 56
Analysis date: 2017-05-16 08:54:29 UTC ( 5 months, 1 week ago ) View latest
Antivirus Result Update
AegisLab Vba.Gen!c 20170516
AhnLab-V3 PDF/Expod 20170515
Arcabit VB:Trojan.VBS.Downloader.ACS 20170516
Avira (no cloud) W2000M/Agent.5289217 20170516
BitDefender VB:Trojan.VBS.Downloader.ACS 20170516
CAT-QuickHeal O97M.Downloader.AJK 20170516
Cyren PP97M/Downldr 20170516
DrWeb W97M.DownLoader.1742 20170516
Emsisoft VB:Trojan.VBS.Downloader.ACS (B) 20170516
ESET-NOD32 PDF/TrojanDropper.Agent.W 20170516
F-Prot New or modified PP97M/Downldr 20170516
F-Secure Trojan-Dropper:JS/PdfDropper.A 20170516
Fortinet PDF/Agent.U!tr 20170516
GData VB:Trojan.VBS.Downloader.ACS 20170516
Ikarus Trojan-Downloader.VBA.Agent 20170516
Kaspersky Trojan-Downloader.MSWord.Agent.bim 20170516
McAfee Exploit-FXN!1E5488E7E382 20170516
McAfee-GW-Edition BehavesLike.PDF.BadFile.qb 20170515
Microsoft TrojanDownloader:JS/Nemucod 20170516
eScan VB:Trojan.VBS.Downloader.ACS 20170516
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170516
Panda O97M/Downloader 20170515
Qihoo-360 virus.office.obfuscated.1 20170516
Rising Heur.Macro.Downloader.d (cloud:Z9yDXEJU7cF) 20170516
Sophos AV Troj/DocDl-IXE 20170516
Symantec Trojan.Pidief.X 20170515
TrendMicro W2KM_DLOADR.DOCD 20170516
TrendMicro-HouseCall Suspicious_GEN.F47V0515 20170516
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170516
Ad-Aware 20170516
Alibaba 20170516
ALYac 20170516
Antiy-AVL 20170516
Avast 20170516
AVG 20170515
AVware 20170516
Baidu 20170503
Bkav 20170516
ClamAV 20170515
CMC 20170516
Comodo 20170516
CrowdStrike Falcon (ML) 20170130
Endgame 20170515
Sophos ML 20170413
Jiangmin 20170516
K7AntiVirus 20170516
K7GW 20170516
Kingsoft 20170516
Malwarebytes 20170516
nProtect 20170516
Palo Alto Networks (Known Signatures) 20170516
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170516
Symantec Mobile Insight 20170516
Tencent 20170516
TheHacker 20170514
VBA32 20170516
VIPRE 20170516
ViRobot 20170516
Webroot 20170516
WhiteArmor 20170512
Yandex 20170515
Zillya 20170516
Zoner 20170516
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:15 12:22:12+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
1505349

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:15 12:22:12+03:00

File identification
MD5 1e5488e7e382f4ef0db3ed0df8d5dbdf
SHA1 f6d625ba4a79c2944cdebceb52a834c97c6f958e
SHA256 0dbff8f2c4e689328f5f4e6d0416a21cd09fa903add3e1dc1751caa982cb44b1
ssdeep
1536:zeuHhD/cD6pjaGUEHXi65R8QpfuntG6S3:ze+D/q6JwmS65xoGj3

File size 52.4 KB ( 53645 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2017-05-15 11:56:45 UTC ( 5 months, 1 week ago )
Last submission 2017-05-25 13:45:21 UTC ( 5 months ago )
File names 001_1115.pdf
001_3116.pdf
001_0236.pdf
001_3640.pdf
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:15 12:22:12+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
1505349

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:15 12:22:12+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!