PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
5a01c2f288a64041dcdb8474dc80a80d view report 9da4d2f3a80c6aba851ef6a3623298e915f7e3de6e9ec2ff8138068b3c733544 46380 6     P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
10.0@45249: pdf.exploit execute EXE file
10.0@45249: pdf.exploit access system32 directory
10.0@45249: pdf.exploit execute action command
10.0@45249: pdf.execute exe file
10.0@45249: pdf.execute access system32 directory
d540a0ef878bb93976f78db1c7196e60 view report c7e8787b1f8d873ad4ac86498562306694b285183b5d1285eb54a5f758246fb1 2039284 6     P  
1156.0@1993607: suspicious.pdf embedded PDF file
1156.0@1993607: suspicious.warning: object contains embedded PDF
1158.0@2037905: pdf.exploit execute EXE file
1158.0@2037905: pdf.exploit access system32 directory
1158.0@2037905: pdf.exploit execute action command
1158.0@2037905: pdf.execute exe file
1158.0@2037905: pdf.execute access system32 directory
1fe1fe414daf6cf18fe345df569dd3a8 view report 54f5209fff343d1c7da12f184d5271371a1d23b91ad97386f14f4d7d837aaddd 26941 6 J      
20.0@25016: suspicious.obfuscation using unescape
20.0@25016: suspicious.warning: object contains JavaScript
e53c227941ea4783d4962b81630cf524 view report 5c11a762be43175feffc1eb6edf60054c42e13f8ad9cc893f45705a2e1b17892 37484 27 J      
7.0@412: suspicious.obfuscation using unescape
7.0@412: suspicious.obfuscation using eval
7.0@412: suspicious.obfuscation getAnnots access blocks
7.0@412: suspicious.warning: object contains JavaScript
8.0@613: suspicious.obfuscation using charCodeAt
8.0@613: suspicious.obfuscation using eval
8.0@613: suspicious.obfuscation toString
8.0@613: suspicious.obfuscation using substr
8.0@613: suspicious.obfuscation using String.fromCharCode
c6d7a78a56b7f1d78e67de0c30e7e9a6 view report 21996cd5fd2bfb28e9831c09f680d88c9d7c6d7d880c2bf51e9172eedfa4e716 45101 23 J      
7.0@412: suspicious.obfuscation using unescape
7.0@412: suspicious.obfuscation using eval
7.0@412: suspicious.obfuscation getAnnots access blocks
7.0@412: suspicious.warning: object contains JavaScript
8.0@618: suspicious.obfuscation using eval
8.0@618: suspicious.obfuscation using substr
8.0@618: suspicious.obfuscation using String.fromCharCode
69f024ad6fb77c621092fa5b61198ce0 view report 52fc2c80f185a4decf1ffe1dbbc76b495bef001a7d3a45ca5bdb0332181ac9b2 9082 19 J      
1.0@15: suspicious.obfuscation using charCodeAt
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation toString
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
dce18e1792372580848e5a37ec56dddf view report 84e642d7e91788c382e9e18c0860bf836af8959c4dfabbf36d755d6902855551 45393 23 J      
7.0@412: suspicious.obfuscation using unescape
7.0@412: suspicious.obfuscation using eval
7.0@412: suspicious.obfuscation getAnnots access blocks
7.0@412: suspicious.warning: object contains JavaScript
8.0@618: suspicious.obfuscation using eval
8.0@618: suspicious.obfuscation using substr
8.0@618: suspicious.obfuscation using String.fromCharCode
bc17c5041e8f122f27a4a6c5313ff72d view report 85370d90142cb6a66b9028858490f18cfe2e7853a0798dbc91f71e32d28cf815 45213 23 J      
7.0@412: suspicious.obfuscation using unescape
7.0@412: suspicious.obfuscation using eval
7.0@412: suspicious.obfuscation getAnnots access blocks
7.0@412: suspicious.warning: object contains JavaScript
8.0@618: suspicious.obfuscation using eval
8.0@618: suspicious.obfuscation using substr
8.0@618: suspicious.obfuscation using String.fromCharCode
bcba740df6d64c0cd28ca4ddc7fd5482 view report 4b8dbd6a0c393e16b00e0fe0e7cfec8850f127d186f6c50d04553c4d442be166 26971 6 J      
20.0@24970: suspicious.obfuscation using unescape
20.0@24970: suspicious.warning: object contains JavaScript
91388a3954c5627369ea3dc2d4a60bdf view report a4d10c2831f706b63bc967feaa2a5e6a88659a5dfaf0af393e035f0d33873a90 46227 6     P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
10.0@45096: pdf.exploit execute EXE file
10.0@45096: pdf.exploit access system32 directory
10.0@45096: pdf.exploit execute action command
10.0@45096: pdf.execute exe file
10.0@45096: pdf.execute access system32 directory
82cfa54a2163a4f6b80d546d55c4c080 view report c2783eb4277494f8b0ca2dfa481d3fdf71f5ba66e3a21610927d691f66e052c3 2298477 127 J      
92.0@11253: suspicious.obfuscation using unescape
92.0@11253: suspicious.obfuscation getAnnots access blocks
92.0@11253: suspicious.warning: object contains JavaScript
112.0@502423: suspicious.obfuscation using unescape
112.0@502423: suspicious.obfuscation using charCodeAt
112.0@502423: suspicious.obfuscation using eval
112.0@502423: suspicious.obfuscation using substr
112.0@502423: suspicious.obfuscation using String.fromCharCode
113.0@506698: suspicious.obfuscation using unescape
113.0@506698: suspicious.obfuscation using charCodeAt
113.0@506698: suspicious.obfuscation using eval
113.0@506698: suspicious.obfuscation using substr
113.0@506698: suspicious.obfuscation using String.fromCharCode
113.0@506698: suspicious.warning: object contains JavaScript
115.0@1873215: suspicious.obfuscation using unescape
115.0@1873215: suspicious.obfuscation using eval
115.0@1873215: suspicious.obfuscation using substr
116.0@1909967: suspicious.obfuscation getAnnots access blocks
116.0@1909967: suspicious.warning: object contains JavaScript
117.0@1910977: suspicious.obfuscation using unescape
117.0@1910977: suspicious.obfuscation using eval
117.0@1910977: suspicious.obfuscation using substr
117.0@1910977: suspicious.warning: object contains JavaScript
30.0@2285607: suspicious.obfuscation getAnnots access blocks
30.0@2285607: suspicious.warning: object contains JavaScript
91850227b545033377c49f869631e34d view report 34ec7da91cfbff0edf21e575d6df522dcb62507ef62cf2cac2639495c187ec11 26720 6 J      
20.0@24903: suspicious.obfuscation using unescape
20.0@24903: suspicious.warning: object contains JavaScript
b7f0a955acecb902eee74041a3e92f63 view report de1fc7eb243102adc2694655e1a0667dd39fdfefc8a0bc754bb00828372e942f 735566 6     P  
673.0@690090: suspicious.pdf embedded PDF file
673.0@690090: suspicious.warning: object contains embedded PDF
675.0@734446: pdf.exploit execute EXE file
675.0@734446: pdf.exploit access system32 directory
675.0@734446: pdf.exploit execute action command
675.0@734446: pdf.execute exe file
675.0@734446: pdf.execute access system32 directory
652231c1637dfda900a799f68f462fd8 view report 0a5261db81ecc45e30450ae0f6f6cd5cda38f4adb6a36d8206a446225d7d6580 52881 6 J      
34.0@50716: suspicious.obfuscation using unescape
34.0@50716: suspicious.warning: object contains JavaScript
b0ecd09c13dc0a44c5e9eebb417146f2 view report df942d8f2cf41bc4bc331e4086194304be450cafe19633f4160b01cd049d103b 40236 6 J      
27.0@38089: suspicious.obfuscation using unescape
27.0@38089: suspicious.warning: object contains JavaScript