SHA256: e148fd38f2958aa8b0a3f64dae50f917e2d7f8ccf43c1f3dcdc6a2d43f4825e5
File name: Document_32014201.pdf
Detection ratio: 37 / 57
Analysis date: 2017-05-21 11:19:20 UTC ( 1 day, 6 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5072000 20170521
AegisLab Vba.Gen!c 20170521
AhnLab-V3 PDF/Expod 20170521
ALYac Trojan.Downloader.PDF.Agent 20170520
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dfc 20170521
Arcabit Trojan.Generic.D4D6480 20170521
Avast VBA:Downloader-FCJ [Trj] 20170521
Avira (no cloud) W2000M/Agent.0446414 20170521
Baidu VBA.Trojan-Downloader.Agent.bae 20170503
BitDefender Trojan.GenericKD.5072000 20170521
CAT-QuickHeal O97M.Downloader.AJK 20170520
ClamAV Doc.Downloader.Jaff-6316585-0 20170521
Cyren PP97M/Downldr 20170521
DrWeb W97M.DownLoader.1738 20170521
Emsisoft Trojan.GenericKD.5072000 (B) 20170521
ESET-NOD32 PDF/TrojanDropper.Agent.U 20170521
F-Prot New or modified PP97M/Downldr 20170521
F-Secure Trojan-Dropper:JS/PdfDropper.A 20170521
Fortinet WM/TrojanDownloader.7A51!tr 20170521
GData Trojan.GenericKD.5072000 20170521
Ikarus Trojan-Downloader.VBA.Agent 20170521
Kaspersky Trojan-Downloader.PDF.Agent.es 20170521
McAfee Artemis!D4690177C76B 20170521
McAfee-GW-Edition Generic Downloader.sf 20170521
Microsoft TrojanDownloader:O97M/Donoff!rfn 20170521
eScan Trojan.GenericKD.5072000 20170521
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170521
Panda O97M/Downloader 20170521
Qihoo-360 virus.office.obfuscated.1 20170521
Rising Heur.Macro.Downloader.d (cloud:Z9yDXEJU7cF) 20170518
Sophos Troj/DocDl-IYE 20170521
Symantec Trojan.Pidief 20170520
Tencent Pdf.Trojan-downloader.Agent.Wqcv 20170521
TrendMicro PDF_DOCDROP.YYSZS 20170521
TrendMicro-HouseCall PDF_DOCDROP.YYSZS 20170521
ViRobot PDF.S.Agent.64320[h] 20170520
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170521
Alibaba 20170521
AVG 20170521
AVware 20170521
Bkav 20170520
CMC 20170521
Comodo 20170521
CrowdStrike Falcon (ML) 20170130
Endgame 20170515
Invincea 20170519
Jiangmin 20170521
K7AntiVirus 20170521
K7GW 20170521
Kingsoft 20170521
Malwarebytes 20170521
nProtect 20170519
Palo Alto Networks (Known Signatures) 20170521
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170521
Symantec Mobile Insight 20170518
TheHacker 20170520
TotalDefense 20170521
Trustlook 20170521
VBA32 20170519
VIPRE 20170521
Webroot 20170521
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
Zoner 20170521
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType: application/pdf
ModifyDate: 2017:05:09 11:24:53+03:00
Producer: iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)
PageCount: 1
FileType: PDF
Creator: 8985900
Linearized: No
FileTypeExtension: pdf
PDFVersion: 1.4
CreateDate: 2017:05:09 11:24:53+03:00

Compressed bundles
File identification
MD5 d4690177c76b5e86fbd9d6b8e8ee23ed
SHA1 abdca1d4fe5cd40cb1ac362f5ed3705f4bd2ecf1
SHA256 e148fd38f2958aa8b0a3f64dae50f917e2d7f8ccf43c1f3dcdc6a2d43f4825e5
ssdeep 1536:yh7nOnTcA8an1+4IavFISdLV+SVjzg8H+1nnt/kMUp3z5cs4:L4fV4IaBRJw8H+1t/dUp3th4
File size 62.8 KB ( 64320 bytes )
File type PDF
Magic literal PDF document, version 1.4
TrID Adobe Portable Document Format (100.0%)
Tags attachment pdf file-embedded autoaction js-embedded

VirusTotal metadata
First submission 2017-05-11 08:06:28 UTC ( 1 week, 4 days ago )
Last submission 2017-05-21 11:19:20 UTC ( 1 day, 6 hours ago )
File names JAFF RANSOMWARE (4)
Copy_2264800.pdf
__substg1.0_37010102
nm.pdf
Document_32014201.pdf
Copy_8680.pdf
f93da34252259b3bb0b72beaa5dfe7d7d8855a78