× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2ece54ed150732b33edcaf758f55d73ecc945c926e9e7a331a650409c932056a
File name: 52040596.PDF
Detection ratio: 17 / 56
Analysis date: 2017-05-22 14:16:09 UTC ( 5 months ago ) View latest
Antivirus Result Update
AegisLab Exploit.Spamdocmacro.Gen!c 20170522
Arcabit Exploit.SpamDocMacro.Gen 20170522
BitDefender Exploit.SpamDocMacro.Gen 20170522
CAT-QuickHeal O97M.Downloader.AJK 20170522
Emsisoft Exploit.SpamDocMacro.Gen (B) 20170522
F-Secure Exploit.SpamDocMacro.Gen 20170522
GData Exploit.SpamDocMacro.Gen 20170522
Ikarus Trojan-Downloader.VBA.Agent 20170522
McAfee Artemis!FA17464BF105 20170522
McAfee-GW-Edition Artemis 20170521
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170522
Panda O97M/Downloader 20170521
Qihoo-360 virus.office.obfuscated.1 20170522
Rising Heur.Macro.Downloader.d (classic) 20170522
Symantec Trojan.Gen.8!cloud 20170522
TrendMicro HEUR_VBA.O2 20170522
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170522
Ad-Aware 20170522
AhnLab-V3 20170522
Alibaba 20170522
ALYac 20170522
Antiy-AVL 20170522
Avast 20170522
AVG 20170522
Avira (no cloud) 20170522
AVware 20170522
Baidu 20170503
Bkav None
ClamAV 20170522
CMC 20170521
Comodo 20170522
CrowdStrike Falcon (ML) 20170130
Cyren 20170522
DrWeb 20170522
Endgame 20170515
ESET-NOD32 20170522
F-Prot 20170522
Fortinet 20170522
Sophos ML 20170519
Jiangmin 20170522
K7AntiVirus 20170522
K7GW 20170522
Kaspersky 20170522
Kingsoft 20170522
Malwarebytes 20170522
Microsoft 20170522
eScan 20170522
nProtect 20170522
Palo Alto Networks (Known Signatures) 20170522
SentinelOne (Static ML) 20170516
Sophos AV 20170521
SUPERAntiSpyware 20170522
Symantec Mobile Insight 20170522
Tencent 20170522
TheHacker 20170522
TrendMicro-HouseCall 20170522
Trustlook 20170522
VBA32 20170522
VIPRE 20170522
ViRobot 20170522
Webroot 20170522
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
Zoner 20170522
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 21 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 40 object start declarations and 40 object end declarations.
This PDF document has 9 stream object start declarations and 9 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:22 14:08:07+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:22 14:08:07+03:00

Compressed bundles
File identification
MD5 fa17464bf1059702190f56e4b898e144
SHA1 821e0dcc7c3f3bf123480ed20941c04120b65410
SHA256 2ece54ed150732b33edcaf758f55d73ecc945c926e9e7a331a650409c932056a
ssdeep
1536:Uh+6eskHzK4iBZxOQ0BR0sEzFyt0QPvR8X3UQBOQfLR:I+6m24YzORBR0DzI7HRajLR

File size 70.3 KB ( 72014 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
js-embedded attachment via-tor pdf file-embedded autoaction

VirusTotal metadata
First submission 2017-05-22 12:36:10 UTC ( 5 months ago )
Last submission 2017-07-05 09:55:40 UTC ( 3 months, 2 weeks ago )
File names 03037871.PDF
58715781.PDF
40651656.PDF
2ece54ed150732b33edcaf758f55d73ecc945c926e9e7a331a650409c932056a.bin
625b583adea9eccfd2305af4b25fdfabbca3eaf9
71247599.PDF
48933453.PDF
32967186.PDF
81189691.PDF
dd45bbdf488b96a5e40a330961a01699dd7bdd3647b8d0b443bef8e903ad8828b2e1dca3511df21ddc9cd33e48b4ca10a937d91172a0fc6d10945e52b0be73e7
87049878.PDF
58294837.PDF
70492001.PDF
35548203.PDF
66647000.PDF
35548203.PDF
30052177.PDF
52040596.PDF
22660001.PDF
201705221316v4MDGVQX018178dappprodauscertorgau_39115970.PDF
91439117.PDF
76301675.PDF
fa17464bf1059702190f56e4b898e144.PDF
69933610.PDF
34484367.PDF
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:22 14:08:07+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:22 14:08:07+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!