Ran a VirusTotal scan on my PDF file because a friend said my PDFs have a rootkit. That file contained some sensitive info, so I will not be uploading it here. I created a new Word document and saved it as a PDF, with random gibberish spam words like "alskjdlksajlkasdfliksh."
Here is the VirusTotal scan and the CAPE sandbox scan. Is this a false positive or what? I've tested 3 different PDFs, and I got the same rootkit detection and file behavior of trying to hide from the sandbox. I don't know much about this.
1.) PDF VirusTotal
2.) Word doc VirusTotal
3.)https://vtbehaviour.commondatastorage.googleapis.com/eba9c3420d84bbdd12ee2a4066f3d5df8234b36fa86d3795a59c3fa054a668c7_CAPE Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776339731&Signature=45btG39CAx2ut8udjQb6rxJLlmFrSJT+prN2RSoSPmTXpcWuY8m6T0JUQwyUi6+oPMYCp/Je7/JyibqB0s6lrolOVC1qtIRZ0nowpCDDe7sfGtXm+IAvBmKfD6zLp8DxjxHSiq39oAvFNm+wSuj0P39XkFxzeXayS7YMrGN5u1UCrZjiAxZ325+stR0KUeqoSiUItGrNY03tgeRhMfWV3y5Gqm+ZXTqYwHkL5vkw8Jr+EZc/CwNzQakDmGD8euu22DNjyHjc+jrX/8CdJdDxjvv/cUI/v1RkmI3a7fhqwZQ01DMkzdAkrivyxQgaTSKvIeiRxXM7dBE+rYR0GZ+IcQ==&response-content-type=text/html;
To access the full CAPE sandbox report, please go to the VirusTotal link and click full report. Did not realize that the link shared expires.