PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
dc4b3f27e564574e888a09a39775ae4e view report 8bfa87b410347a9bcf49ead272ee0c727febdb80f754caab8e2198acd18e8a24 9880 7 J      
17.0@7374: suspicious.javascript in XFA block
17.0@7374: suspicious.warning: object contains JavaScript
de3cc7318726826266ddb4e72bf08258 view report d4f1f931c81a8dc4e00903a099723ed02ba545e436da9e2e602cb7d68130c52e 3924 11 J      
7.0@295: suspicious.obfuscation using String.fromCharCode
7.0@295: suspicious.obfuscation using String.replace
7.0@295: suspicious.warning: object contains JavaScript
6ae16ed7cb3c45cfc9d19a3150a2a964 view report 2e6c800c49a56799228f749e6591ddf37beb5cb69036a7276ffd9e9f849cdcab 7786 19 J      
6.0@549: suspicious.obfuscation using unescape
6.0@549: suspicious.obfuscation using substring
6.0@549: suspicious.warning: object contains JavaScript
0a934aeb721cdb8e4255ef8811e2c195 view report 36a1237bfde4e91d483a657bfffa64a0edc4449a28e5057eb246fd025dbd573c 10706 30        
1.0@17: pdf.exploit TIFF overflow CVE-2010-0188
368f8d2706a40eef90262d61bc486295 view report ba5f5c92f67462d22f53213561cd17978457e88865deee2d07e415f14f321f56 3689 82 J      
6.0@413: suspicious.obfuscation using unescape
6.0@413: suspicious.obfuscation using substring
6.0@413: pdf.suspicious util.printd used to fill buffers
6.0@413: pdf.exploit media.newPlayer CVE-2009-4324
6.0@413: suspicious.warning: object contains JavaScript
689f7ad1b3e0e6bcf65c436bec6e2446 view report 390704e26c56d1dfdde6d35a768d3b1f6422af024d23e42c39c27fad9af05496 32221 10 J      
46.0@8303: suspicious.obfuscation toString
46.0@8303: suspicious.obfuscation using String.fromCharCode
46.0@8303: suspicious.warning: object contains JavaScript
f1ac766cdcf4f85ad96a6e4cc610f188 view report 4f9ed26a9fdabf0e21cd1b5ca689b95a9c7ff8460a5ae8cb527e15c628b625be 5888 62 J      
10.0@899: pdf.exploit U3D CVE-2011-2462
10.0@899: pdf.exploit U3D CVE-2011-2462 A
15.0@2006: suspicious.obfuscation using unescape
15.0@2006: suspicious.obfuscation using substr
15.0@2006: suspicious.obfuscation using substring
15.0@2006: suspicious.warning: object contains JavaScript
1e2e44357d9e1580ddade3c104a63090 view report 158e318f904523dd8ae148e9e4941c6f82e18ac4904c403f7a07d0ecd065f958 5557 88 J      
5.0@354: suspicious.obfuscation using unescape
5.0@354: suspicious.obfuscation using substring
5.0@354: suspicious.string -HeapSpray-
5.0@354: suspicious.string -shellcode-
5.0@354: pdf.exploit ToolButton use-after-free CVE-2014-0496
5.0@354: suspicious.javascript addToolButton
5.0@354: suspicious.warning: object contains JavaScript
cve_2013_3346
4910cbb2724ed5d77d4bbd5547a38ccc view report 876723e40445e9a523d66511cd94e43f891ca7d01b99878937d8582e9127e0df 5102 19 J      
1.0@15: suspicious.obfuscation using unescape
1.0@15: suspicious.obfuscation using substring
1.0@15: suspicious.warning: object contains JavaScript
cf4355b33140fe34857dc1bd308faf73 view report e65e5f8fd9b6c0ff55c8e783e040664c910da70d2dfc90e874879933eca5507f 5600 20 J      
1.0@15: suspicious.obfuscation using unescape
1.0@15: suspicious.obfuscation using substring
1.0@15: suspicious.warning: object contains JavaScript
2.0@3948: suspicious.warning: object contains JavaScript
ad2f1bbf3b0ab8abb9938cb99dcf9b64 view report 8a476fa5da8c23942f58dff1ebf5a3fb277ad2acca80b45e5a3c29015cc69d42 6548 49 J      
6.0@427: suspicious.obfuscation using unescape
6.0@427: suspicious.obfuscation using substring
6.0@427: pdf.exploit util.printf CVE-2008-2992
6.0@427: suspicious.warning: object contains JavaScript
7c3de79fa5ac6eb348c74ae7d54fec80 view report 7386afa810c7dc8db5f23bb5d46a5e5ed6cb3755250628be9ea407d2c29242d9 7396 49 J      
6.0@417: suspicious.obfuscation using unescape
6.0@417: suspicious.obfuscation using substring
6.0@417: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
6.0@417: suspicious.warning: object contains JavaScript
2ba99cb8c18d8b6452f3f63c518e8765 view report 3240c3ddbca515579aadc3d442d1768b5ee6c21f7399756d1102d25390e366b4 46624 26 J      
10.0@1032: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41470: suspicious.obfuscation using unescape
12.0@41470: suspicious.obfuscation using substring
12.0@41470: suspicious.string heap spray shellcode
12.0@41470: suspicious.string shellcode
12.0@41470: suspicious.warning: object contains JavaScript
7cca944e82628b993d8ccf7697be58d4 view report 5728ea274025c7c81fe0a2ebbd0e57cc4b5cb36d613922358fb49c6d38679171 33855 39 J F    
6.0@326: suspicious.obfuscation using unescape
6.0@326: suspicious.obfuscation using substring
6.0@326: suspicious.string Shellcode NOP sled
6.0@326: suspicious.string heap spray shellcode
6.0@326: suspicious.warning: object contains JavaScript
7.0@4386: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@4571: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
9.0@4726: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@4844: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@4947: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@5217: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@5347: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
16.0@5454: flash.exploit CVE-2010-3654
16.0@5454: suspicious.flash addFrameScript
16.0@5454: suspicious.flash Embedded Flash
16.0@5454: suspicious.flash Embedded Flash define obj
1f4df5b7efcd7c5c58e17350eb28a3d8 view report 734e25ee7a9e5da064be4280257077245a678d089db0175ca02f38f73f47fc93 32794 37 J F    
6.0@320: suspicious.obfuscation using unescape
6.0@320: suspicious.obfuscation using substring
6.0@320: suspicious.string Shellcode NOP sled
6.0@320: suspicious.string heap spray shellcode
6.0@320: suspicious.warning: object contains JavaScript
7.0@4505: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@4699: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
9.0@4848: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@4972: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@5073: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@5331: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@5457: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
16.0@5556: flash.exploit CVE-2010-1297
16.0@5556: suspicious.flash Embedded Flash