× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
File name: nm.pdf
Detection ratio: 41 / 60
Analysis date: 2017-08-13 00:08:54 UTC ( 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5072309 20170812
AegisLab Vba.Gen!c 20170812
AhnLab-V3 PDF/Dropper 20170812
ALYac Trojan.Downloader.PDF.Agent 20170812
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20170812
Arcabit Trojan.Generic.D4D65B5 20170812
Avast VBA:Downloader-FCJ [Trj] 20170813
AVG VBA:Downloader-FCJ [Trj] 20170813
Avira (no cloud) W2000M/Agent.0446414 20170812
Baidu VBA.Trojan-Downloader.Agent.bae 20170811
BitDefender Trojan.GenericKD.5072309 20170812
CAT-QuickHeal O97M.Downloader.AJK 20170812
ClamAV Doc.Downloader.Jaff-6316585-1 20170812
Comodo UnclassifiedMalware 20170813
Cyren PP97M/Downldr 20170812
DrWeb W97M.DownLoader.1738 20170812
Emsisoft Trojan.GenericKD.5072309 (B) 20170812
ESET-NOD32 PDF/TrojanDropper.Agent.U 20170812
F-Prot New or modified PP97M/Downldr 20170812
F-Secure Trojan-Dropper:JS/PdfDropper.A 20170812
Fortinet WM/Moat.F1678919!tr 20170812
GData Trojan.GenericKD.5072309 20170813
Ikarus Trojan-Dropper.PDF.Agent 20170812
Kaspersky Trojan-Downloader.PDF.Agent.es 20170812
MAX malware (ai score=84) 20170812
McAfee Exploit-FXN!6B305C5B59C2 20170812
McAfee-GW-Edition BehavesLike.PDF.Evasion.kb 20170813
Microsoft TrojanDownloader:O97M/Donoff!rfn 20170812
eScan Trojan.GenericKD.5072309 20170812
NANO-Antivirus Trojan.Script.Agent.epysdx 20170812
Panda O97M/Downloader 20170812
Qihoo-360 virus.office.obfuscated.1 20170813
Rising Heur.Macro.Downloader.d (ktse) 20170813
Sophos AV Troj/DocDl-IYE 20170813
Symantec Trojan.Pidief 20170812
Tencent OLE.Win32.Macro.703738 20170813
TrendMicro PDF_MALMACRO.A 20170812
TrendMicro-HouseCall PDF_MALMACRO.A 20170812
VBA32 Trojan-Downloader.VBA.Agent.bae 20170811
ViRobot PDF.S.Agent.64226 20170812
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170812
Alibaba 20170811
AVware 20170812
Bkav 20170812
CMC 20170812
CrowdStrike Falcon (ML) 20170804
Cylance 20170813
Endgame 20170721
Sophos ML 20170607
Jiangmin 20170813
K7AntiVirus 20170812
K7GW 20170812
Kingsoft 20170813
Malwarebytes 20170812
nProtect 20170812
Palo Alto Networks (Known Signatures) 20170813
SentinelOne (Static ML) 20170806
SUPERAntiSpyware 20170812
Symantec Mobile Insight 20170811
TheHacker 20170810
TotalDefense 20170812
Trustlook 20170813
VIPRE 20170813
Webroot 20170813
WhiteArmor 20170731
Yandex 20170807
Zillya 20170811
Zoner 20170812
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:09 11:24:53+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
154898

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:09 11:24:53+03:00

Compressed bundles
File identification
MD5 6b305c5b59c235122fd8049b1c4c794d
SHA1 baf08a5fe4f508babe41974af812536dd82c2008
SHA256 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
ssdeep
1536:Vm/UN6jgkyGPsFLBYacOQ4RNynm2tLE4YNM6NA:Vm88jgkpP2Z76dI4YNM6NA

File size 62.7 KB ( 64226 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf autoaction file-embedded attachment js-embedded

VirusTotal metadata
First submission 2017-05-11 07:42:11 UTC ( 3 months, 1 week ago )
Last submission 2017-05-20 10:20:04 UTC ( 3 months ago )
File names JAFF RANSOMWARE (5)
da2e13ba52d8ac6f04db3a5ea9c51b3baf263f83
nm.pdf
201705110805v4B854rv026004dappprodauscertorgau_nm.pdf
nm1.pdf
nm.pdf
nm.pdf.5
BÖSEnm.pdf
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:09 11:24:53+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
154898

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:09 11:24:53+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!