SHA256: 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
File name: nm.pdf
Detection ratio: 37 / 57
Analysis date: 2017-05-20 10:20:04 UTC ( 2 days, 7 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5072309 20170520
AegisLab Vba.Gen!c 20170520
AhnLab-V3 PDF/Dropper 20170519
ALYac Trojan.Downloader.PDF.Agent 20170519
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20170520
Arcabit Trojan.Generic.D4D65B5 20170520
Avast VBA:Downloader-FCJ [Trj] 20170520
Avira (no cloud) W2000M/Agent.0446414 20170520
Baidu VBA.Trojan-Downloader.Agent.bae 20170503
BitDefender Trojan.GenericKD.5072309 20170520
CAT-QuickHeal O97M.Downloader.AJK 20170520
ClamAV Doc.Downloader.Jaff-6316585-0 20170520
Cyren PP97M/Downldr 20170520
DrWeb W97M.DownLoader.1738 20170520
Emsisoft Trojan.GenericKD.5072309 (B) 20170520
ESET-NOD32 PDF/TrojanDropper.Agent.U 20170520
F-Prot New or modified PP97M/Downldr 20170520
F-Secure Trojan-Dropper:JS/PdfDropper.A 20170520
Fortinet WM/TrojanDownloader.7A51!tr 20170520
GData Trojan.GenericKD.5072309 20170520
Ikarus Trojan-Downloader.VBA.Agent 20170520
Kaspersky Trojan-Downloader.PDF.Agent.es 20170520
McAfee Artemis!6B305C5B59C2 20170520
McAfee-GW-Edition Generic Downloader.sf 20170520
Microsoft TrojanDownloader:O97M/Donoff!rfn 20170520
eScan Trojan.GenericKD.5072309 20170520
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170519
Panda O97M/Downloader 20170520
Qihoo-360 virus.office.obfuscated.1 20170520
Sophos Troj/DocDl-IYE 20170520
Symantec Trojan.Pidief 20170519
Tencent Pdf.Trojan-downloader.Agent.Wozo 20170520
TrendMicro PDF_MALMACRO.A 20170520
TrendMicro-HouseCall PDF_MALMACRO.A 20170520
VBA32 Trojan-Downloader.VBA.Agent.bae 20170519
ViRobot PDF.S.Agent.64226[h] 20170520
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170520
Alibaba 20170519
AVG 20170520
AVware 20170520
Bkav 20170520
CMC 20170519
Comodo 20170520
CrowdStrike Falcon (ML) 20170130
Endgame 20170515
Invincea 20170519
Jiangmin 20170520
K7AntiVirus 20170520
K7GW 20170520
Kingsoft 20170520
Malwarebytes 20170520
nProtect 20170519
Palo Alto Networks (Known Signatures) 20170520
Rising None
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170520
Symantec Mobile Insight 20170518
TheHacker 20170516
TotalDefense 20170520
Trustlook 20170520
VIPRE 20170520
Webroot 20170520
WhiteArmor 20170517
Yandex 20170518
Zillya 20170518
Zoner 20170520
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType application/pdf
ModifyDate 2017:05:09 11:24:53+03:00
Producer iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)
PageCount 1
FileType PDF
Creator 154898
Linearized No
FileTypeExtension pdf
PDFVersion 1.4
CreateDate 2017:05:09 11:24:53+03:00

Compressed bundles
File identification
MD5 6b305c5b59c235122fd8049b1c4c794d
SHA1 baf08a5fe4f508babe41974af812536dd82c2008
SHA256 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
ssdeep 1536:Vm/UN6jgkyGPsFLBYacOQ4RNynm2tLE4YNM6NA:Vm88jgkpP2Z76dI4YNM6NA
File size 62.7 KB ( 64226 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags attachment pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2017-05-11 07:42:11 UTC ( 1 week, 4 days ago )
Last submission 2017-05-20 10:20:04 UTC ( 2 days, 7 hours ago )
File names JAFF RANSOMWARE (5)
da2e13ba52d8ac6f04db3a5ea9c51b3baf263f83
nm.pdf
201705110805v4B854rv026004dappprodauscertorgau_nm.pdf
nm1.pdf
nm.pdf
nm.pdf.5
BÖSEnm.pdf