× მზა ფაილები (Cookies) გამორთულია! ეს საიტი მოთხოვს მზა ფაილებს (cookies ) გამართული მუშაობისათვის
SHA256: 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
ფაილის სახელი: nm1.pdf
დაფიქსირების შეფარდება: 12 / 56
ანალიზის თარიღი: 2017-05-11 08:44:11 UTC ( 5 თვე, 1 კვირა-ის წინ ) ბოლო
ანტივირუსი შედეგები განახლება
AegisLab Vba.Gen!c 20170511
Avira (no cloud) W2000M/Agent.0446414 20170511
Baidu VBA.Trojan-Downloader.Agent.bae 20170503
CAT-QuickHeal O97M.Downloader.AJK 20170511
Fortinet WM/TrojanDownloader.7A51!tr 20170511
Ikarus Trojan-Downloader.VBA.Agent 20170511
McAfee W97M/Downloader.bxw 20170511
McAfee-GW-Edition W97M/Downloader.bxw 20170510
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20170511
Qihoo-360 virus.office.obfuscated.1 20170511
Symantec Trojan.Gen.8!cloud 20170510
ZoneAlarm by Check Point HEUR:Trojan-Downloader.Script.Generic 20170511
Ad-Aware 20170511
AhnLab-V3 20170511
Alibaba 20170511
ALYac 20170511
Antiy-AVL 20170511
Arcabit 20170511
Avast 20170511
AVG 20170511
AVware 20170508
BitDefender 20170511
Bkav 20170511
ClamAV 20170511
CMC 20170510
Comodo 20170511
CrowdStrike Falcon (ML) 20170130
Cyren 20170511
DrWeb 20170511
Emsisoft 20170511
Endgame 20170503
ESET-NOD32 20170511
F-Prot 20170511
F-Secure 20170511
GData 20170511
Sophos ML 20170413
Jiangmin 20170510
K7AntiVirus 20170511
K7GW 20170510
Kaspersky 20170511
Kingsoft 20170511
Malwarebytes 20170511
Microsoft 20170511
eScan 20170511
nProtect 20170511
Palo Alto Networks (Known Signatures) 20170511
Panda 20170510
Rising 20170511
SentinelOne (Static ML) 20170330
Sophos AV 20170511
SUPERAntiSpyware 20170511
Symantec Mobile Insight 20170511
Tencent 20170511
TheHacker 20170508
TrendMicro 20170511
TrendMicro-HouseCall 20170511
VBA32 20170510
VIPRE 20170511
ViRobot 20170511
Webroot 20170511
WhiteArmor 20170502
Yandex 20170510
Zillya 20170505
Zoner 20170511
The file being studied is a PDF document! The document's header reveals it is using the following file format specification: %PDF-1.4.
PDFiD information
This PDF file contains 5 JavaScript blocks. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
The combination of automatic actions and JavaScript makes this PDF document suspicious.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF.
This PDF document has 1 page, please note that most malicious PDFs have only one page.
This PDF document has 15 object start declarations and 15 object end declarations.
This PDF document has 4 stream object start declarations and 4 stream object end declarations.
This PDF document has a cross reference table (xref).
This PDF document has a pointer to the cross reference table (startxref).
This PDF document has a trailer dictionary containing entries allowing the cross reference table, and thus the file objects, to be read.
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:09 11:24:53+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
154898

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:09 11:24:53+03:00

Compressed bundles
File identification
MD5 6b305c5b59c235122fd8049b1c4c794d
SHA1 baf08a5fe4f508babe41974af812536dd82c2008
SHA256 0ee0b1352929433076754e60b81e02f52210221587014192f0b5eb8ce764754e
ssdeep
1536:Vm/UN6jgkyGPsFLBYacOQ4RNynm2tLE4YNM6NA:Vm88jgkpP2Z76dI4YNM6NA

File size 62.7 კბ ( 64226 bytes )
File type PDF
Magic literal
PDF document, version 1.4

TrID Adobe Portable Document Format (100.0%)
Tags
pdf autoaction file-embedded attachment js-embedded

VirusTotal metadata
First submission 2017-05-11 07:42:11 UTC ( 5 თვე, 1 კვირა-ის წინ )
Last submission 2017-05-20 10:20:04 UTC ( 5 თვე-ის წინ )
ფაილის სახელები JAFF RANSOMWARE (5)
da2e13ba52d8ac6f04db3a5ea9c51b3baf263f83
nm.pdf
201705110805v4B854rv026004dappprodauscertorgau_nm.pdf
nm1.pdf
nm.pdf
nm.pdf.5
BÖSEnm.pdf
ExifTool file metadata
MIMEType
application/pdf

ModifyDate
2017:05:09 11:24:53+03:00

Producer
iTextSharp 5.5.10 2000-2016 iText Group NV (AGPL-version)

PageCount
1

FileType
PDF

Creator
154898

Linearized
No

FileTypeExtension
pdf

PDFVersion
1.4

CreateDate
2017:05:09 11:24:53+03:00

კომენტარები არაა. ვირუსტოტალის წევრებს არ დაუტოვებიათ კომენტარი, იყავი პირველი!

დატოვე კომენტარი...

?
გამოაქვეყნე კომენტარი

თქვენ არ შესულხართ სისტემაში მხოლოდ დარეგისტრირებულ წევრებს შეუძლიათ კომენტარის დატოვება. დარეგისტრირდით რათა გქონდეთ თქვენი ხმა,

შეფასებები არ არის. ეს ფაილი არავის შეუფასებია, იყავი პირველი!