× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e1aab160d59b83a9b62dc2609c2d55b7f07387f4b84041c18efe068e05f9b9dd
File name: 51531390.PDF
Detection ratio: 14 / 56
Analysis date: 2017-05-22 14:10:16 UTC ( 5 months ago ) View latest
Antivirus Result Update
AegisLab Exploit.Spamdocmacro.Gen!c 20170522
Arcabit Exploit.SpamDocMacro.Gen 20170522
BitDefender Exploit.SpamDocMacro.Gen 20170522
CAT-QuickHeal O97M.Downloader.AJK 20170522
Emsisoft Exploit.SpamDocMacro.Gen (B) 20170522
F-Secure Exploit.SpamDocMacro.Gen 20170522
GData Exploit.SpamDocMacro.Gen 20170522
Ikarus Trojan-Downloader.VBA.Agent 20170522
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170522
Panda O97M/Downloader 20170521
Qihoo-360 virus.office.obfuscated.1 20170522
Rising Heur.Macro.Downloader.d (classic) 20170522
TrendMicro HEUR_VBA.O2 20170522
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170522
Ad-Aware 20170522
AhnLab-V3 20170522
Alibaba 20170522
ALYac 20170522
Antiy-AVL 20170522
Avast 20170522
AVG 20170522
Avira (no cloud) 20170522
AVware 20170522
Baidu 20170503
Bkav 20170522
ClamAV 20170522
CMC 20170521
Comodo 20170522
CrowdStrike Falcon (ML) 20170130
Cyren 20170522
DrWeb 20170522
Endgame 20170515
ESET-NOD32 20170522
F-Prot 20170522
Fortinet 20170522
Sophos ML 20170519
Jiangmin 20170522
K7AntiVirus 20170522
K7GW 20170522
Kaspersky 20170522
Kingsoft 20170522
Malwarebytes 20170522
McAfee 20170522
McAfee-GW-Edition 20170521
Microsoft 20170522
eScan 20170522
nProtect 20170522
Palo Alto Networks (Known Signatures) 20170522
SentinelOne (Static ML) 20170516
Sophos AV 20170521
SUPERAntiSpyware 20170522
Symantec 20170522
Symantec Mobile Insight 20170522
Tencent 20170522
TheHacker 20170522
TrendMicro-HouseCall 20170522
Trustlook 20170522
VBA32 20170522
VIPRE 20170522
ViRobot 20170522
Webroot 20170522
WhiteArmor 20170517
Yandex 20170518
Zillya 20170520
Zoner 20170522
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 21 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 40 object start declarations and 40 object end declarations.
This PDF document has 9 stream object start declarations and 9 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:22 14:08:09+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:22 14:08:09+03:00

Compressed bundles
File identification
MD5 f2ec18d7f65d3186e2659ca978b10092
SHA1 25b42c3ba79f062bd38ca88d6b7dce9d685b77fd
SHA256 e1aab160d59b83a9b62dc2609c2d55b7f07387f4b84041c18efe068e05f9b9dd
ssdeep
1536:hx6esk1zK4F2H5yzCLVJu+Gez/Oi1hr2OqdhoYAyFx22FoDfFgF:hx6M24QyzCLVJuFS2GZWho5yvFoLFgF

File size 70.2 KB ( 71889 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf js-embedded file-embedded attachment autoaction

VirusTotal metadata
First submission 2017-05-22 13:33:22 UTC ( 5 months ago )
Last submission 2017-07-05 09:56:11 UTC ( 3 months, 2 weeks ago )
File names e1aab160d59b83a9b62dc2609c2d55b7f07387f4b84041c18efe068e05f9b9dd.bin
93466709.PDF
83082764.PDF
51531390.PDF
64446440.PDF
96066489.PDF
14097964.PDF
8be588180a7dd75635b0327f24407170eadfe962
92542688.PDF
__substg1.0_37010102
11268539.PDF
45061127.PDF.pe
1d10b393afc309ff252f9c012e11ee708cafdee394ca5d1e6ee9c232af04b08fc784cf4c29a93f7d2500c20b484dad841a36c78d48e4fa198ad1499c5c7d2a89
50648967.PDF
f2ec18d7f65d3186e2659ca978b10092.PDF
20898563.PDF
45061127.PDF
33777916.PDF
32084579.PDF
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:22 14:08:09+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:22 14:08:09+03:00

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!