SHA256: 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
File name: nm.pdf
Detection ratio: 40 / 61
Analysis date: 2017-10-30 02:45:10 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5072309 20171030
AegisLab Vba.Gen!c 20171030
AhnLab-V3 PDF/Dropper 20171030
ALYac Trojan.Downloader.PDF.Agent 20171028
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20171030
Arcabit Trojan.Generic.D4D65B5 20171030
Avast VBA:Downloader-FCJ [Trj] 20171030
AVG VBA:Downloader-FCJ [Trj] 20171030
Avira (no cloud) W2000M/Agent.0446414 20171029
Baidu VBA.Trojan-Downloader.Agent.bae 20171027
BitDefender Trojan.GenericKD.5072309 20171030
CAT-QuickHeal O97M.Downloader.AJK 20171028
ClamAV Doc.Downloader.Jaff-6316585-1 20171029
Cyren PP97M/Downldr 20171030
DrWeb W97M.DownLoader.1738 20171030
Emsisoft Trojan.GenericKD.5072309 (B) 20171030
ESET-NOD32 PDF/TrojanDropper.Agent.U 20171030
F-Prot New or modified PP97M/Downldr 20171030
F-Secure Trojan-Dropper:JS/PdfDropper.A 20171029
Fortinet WM/Moat.F1678919!tr 20171030
GData Trojan.GenericKD.5072309 20171030
Ikarus Trojan-Dropper.PDF.Agent 20171029
Kaspersky Trojan-Downloader.PDF.Agent.es 20171030
MAX malware (ai score=84) 20171030
McAfee Exploit-FXN!6B305C5B59C2 20171030
McAfee-GW-Edition BehavesLike.PDF.Evasion.kb 20171030
Microsoft TrojanDownloader:O97M/Donoff!rfn 20171030
eScan Trojan.GenericKD.5072309 20171030
NANO-Antivirus Trojan.Script.Agent.esamjt 20171030
Panda O97M/Downloader 20171029
Qihoo-360 virus.office.obfuscated.1 20171030
Rising Heur.Macro.Downloader.d (KTSE) 20171030
Sophos AV Troj/DocDl-IYE 20171030
Symantec Trojan.Pidief 20171029
Tencent OLE.Win32.Macro.703738 20171030
TrendMicro PDF_MALMACRO.A 20171030
TrendMicro-HouseCall PDF_MALMACRO.A 20171029
VBA32 Trojan-Downloader.VBA.Agent.bae 20171027
ViRobot PDF.S.Agent.64226 20171029
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20171030
Alibaba 20170911
Avast-Mobile 20171029
AVware 20171030
Bkav 20171029
CMC 20171029
Comodo 20171030
CrowdStrike Falcon (ML) 20171016
Cybereason 20170628
Cylance 20171030
eGambit 20171030
Endgame 20171024
Sophos ML 20170914
Jiangmin 20171030
K7AntiVirus 20171027
K7GW 20171030
Kingsoft 20171030
Malwarebytes 20171030
nProtect 20171030
Palo Alto Networks (Known Signatures) 20171030
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171029
Symantec Mobile Insight 20171027
TheHacker 20171028
TotalDefense 20171029
Trustlook 20171030
VIPRE 20171030
Webroot 20171030
WhiteArmor 20171024
Yandex 20171027
Zillya 20171027
Zoner 20171030
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
ModifyDate: 2017:05:09 11:24:53+03:00
Producer: iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)
PageCount: 1
FileType: PDF
Creator: 154898
Linearized: No
FileTypeExtension: pdf
PDFVersion: 1.4
CreateDate: 2017:05:09 11:24:53+03:00

Compressed bundles
File identification
MD5 6b305c5b59c235122fd8049b1c4c794d
SHA1 baf08a5fe4f508babe41974af812536dd82c2008
SHA256 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
ssdeep 1536:Vm/UN6jgkyGPsFLBYacOQ4RNynm2tLE4YNM6NA:Vm88jgkpP2Z76dI4YNM6NA
File size 62.7 KB ( 64226 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags attachment pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2017-05-11 07:42:11 UTC ( 7 months ago )
Last submission 2017-05-20 10:20:04 UTC ( 6 months, 3 weeks ago )
File names JAFF RANSOMWARE (5)
da2e13ba52d8ac6f04db3a5ea9c51b3baf263f83
nm.pdf
201705110805v4B854rv026004dappprodauscertorgau_nm.pdf
nm1.pdf
nm.pdf
nm.pdf.5
BÖSEnm.pdf