PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
ea85fc276bbdbce1f4ea7b4ff8f6f1d1 view report a1a84c92559c2246c709f4b262f2682a4734820ba8089ba2aa6c0519ffb48f9e 55403 19 J      
46.0@808: suspicious.warning: object contains JavaScript
47.0@1293: suspicious.warning: object contains JavaScript
48.0@1638: suspicious.warning: object contains JavaScript
3.0@13711: suspicious.javascript in XFA block
3.0@13711: suspicious.obfuscation using String.replace
3.0@13711: suspicious.obfuscation using substring
3.0@13711: suspicious.warning: object contains JavaScript
c2ec8309c59283aa1922c95b1d68ddba view report 0ce809730a3c9f093c83d06bf05b408f8b73862a232b971275224ad59992d686 266196 1 J     E
706.0@4793: suspicious.warning: object contains JavaScript
c855c235d8eada9ff55565886150d0c1 view report ab85ca07ba0ca9ffb03a5869f7b15ded2f6326e5a4f227024807f1f822158394 169144 94 J      
594.0@48102: suspicious.warning: object contains JavaScript
595.0@48201: suspicious.warning: object contains JavaScript
596.0@48300: suspicious.warning: object contains JavaScript
597.0@48399: suspicious.warning: object contains JavaScript
598.0@48498: suspicious.warning: object contains JavaScript
599.0@48597: suspicious.warning: object contains JavaScript
600.0@48696: suspicious.warning: object contains JavaScript
601.0@48795: suspicious.warning: object contains JavaScript
602.0@48852: suspicious.warning: object contains JavaScript
603.0@48909: suspicious.warning: object contains JavaScript
604.0@49018: suspicious.warning: object contains JavaScript
610.0@50888: suspicious.warning: object contains JavaScript
611.0@51024: suspicious.warning: object contains JavaScript
612.0@51123: suspicious.warning: object contains JavaScript
613.0@51222: suspicious.warning: object contains JavaScript
615.0@51344: suspicious.warning: object contains JavaScript
616.0@51443: suspicious.warning: object contains JavaScript
619.0@51621: suspicious.warning: object contains JavaScript
329.0@133896: suspicious.warning: object contains JavaScript
330.0@133987: suspicious.warning: object contains JavaScript
331.0@134075: suspicious.warning: object contains JavaScript
332.0@134166: suspicious.warning: object contains JavaScript
333.0@134254: suspicious.warning: object contains JavaScript
334.0@134345: suspicious.warning: object contains JavaScript
335.0@134433: suspicious.warning: object contains JavaScript
336.0@134524: suspicious.warning: object contains JavaScript
337.0@134612: suspicious.warning: object contains JavaScript
338.0@134703: suspicious.warning: object contains JavaScript
339.0@134791: suspicious.warning: object contains JavaScript
340.0@134882: suspicious.warning: object contains JavaScript
341.0@134970: suspicious.warning: object contains JavaScript
342.0@135061: suspicious.warning: object contains JavaScript
343.0@135149: suspicious.warning: object contains JavaScript
344.0@135240: suspicious.warning: object contains JavaScript
345.0@135328: suspicious.warning: object contains JavaScript
346.0@135469: suspicious.warning: object contains JavaScript
347.0@135625: suspicious.warning: object contains JavaScript
348.0@135749: suspicious.warning: object contains JavaScript
349.0@135881: suspicious.warning: object contains JavaScript
350.0@136018: suspicious.warning: object contains JavaScript
389.0@143901: suspicious.warning: object contains JavaScript
392.0@144771: suspicious.obfuscation toString
392.0@144771: suspicious.obfuscation using substring
392.0@144771: suspicious.warning: object contains JavaScript
395.0@145602: suspicious.obfuscation toString
395.0@145602: suspicious.warning: object contains JavaScript
398.0@146526: suspicious.obfuscation toString
398.0@146526: suspicious.warning: object contains JavaScript
401.0@147066: suspicious.warning: object contains JavaScript
404.0@147488: suspicious.warning: object contains JavaScript
407.0@148041: suspicious.obfuscation toString
407.0@148041: suspicious.obfuscation using substring
407.0@148041: suspicious.warning: object contains JavaScript
410.0@149492: suspicious.obfuscation toString
410.0@149492: suspicious.warning: object contains JavaScript
413.0@149776: suspicious.obfuscation toString
413.0@149776: suspicious.warning: object contains JavaScript
416.0@150184: suspicious.obfuscation toString
416.0@150184: suspicious.obfuscation using substring
416.0@150184: suspicious.warning: object contains JavaScript
419.0@150972: suspicious.warning: object contains JavaScript
422.0@151340: suspicious.obfuscation toString
422.0@151340: suspicious.warning: object contains JavaScript
424.0@153038: suspicious.warning: object contains JavaScript
425.0@153154: suspicious.warning: object contains JavaScript
426.0@153277: suspicious.warning: object contains JavaScript
427.0@153400: suspicious.warning: object contains JavaScript
428.0@153522: suspicious.warning: object contains JavaScript
429.0@153639: suspicious.warning: object contains JavaScript
430.0@153754: suspicious.warning: object contains JavaScript
431.0@153872: suspicious.warning: object contains JavaScript
461.0@158075: suspicious.warning: object contains JavaScript
3ee199441784d963bf89b4b5d731b16c view report 465b070319e5d589a53393769b11643b1300f9346adf4f7c8c1b835c954d0e00 6641 12 J      
13.0@1155: suspicious.javascript in XFA block
13.0@1155: suspicious.obfuscation using substr
13.0@1155: suspicious.warning: object contains JavaScript
cc03cb02c07a7f5d37f63286d10a24f8 view report fbd4f5d9f70a61dd58833d509f3cbb44b8816ab2f2415c975fb7285f3d0eb460 70710 24 J      
8.0@149: suspicious.obfuscation using unescape
8.0@149: suspicious.javascript in XFA block
8.0@149: suspicious.warning: object contains JavaScript
2712d9bad52c0e67a648898abe04b505 view report 995fc45de3b630bbfb0270e78af3e0c0c601ce984eeb181894ac8634a6f33526 53199 6 J      
34.0@50844: suspicious.obfuscation using unescape
34.0@50844: suspicious.warning: object contains JavaScript
e166acae98cafab7991d9a4b8e1e10b7 view report b7f7f0987af40a9ce06084d22ec9bd938538e6fe422abca5d599b334acfecb5b 39968 6 J      
27.0@37877: suspicious.obfuscation using unescape
27.0@37877: suspicious.warning: object contains JavaScript
9e9287a0f81290a8f17816f87292a193 view report 14fa18b024612786fc09e22231dd0fd512acaa044da377bb751f4b1c0ee356e3 202791 3 J     E
27.0@22152: suspicious.warning: object contains JavaScript
28.0@22675: suspicious.warning: object contains JavaScript
29.0@23054: suspicious.warning: object contains JavaScript
6088a6dbe525729face780a9dff8f0ab view report fbc98904ba75973b7c4ecf90011c0675028ffc0a2ca92135c0af6166f07633fa 60514 6     P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
23.0@59538: pdf.exploit execute EXE file
23.0@59538: pdf.exploit access system32 directory
23.0@59538: pdf.exploit execute action command
23.0@59538: pdf.execute exe file
23.0@59538: pdf.execute access system32 directory
01f8a7966f94a44b7913abfab0b9125a view report 6386572e8daf86fc96a6b499cf5e30f145f5065c959a5ffdbb985463793093c9 6717 49 J      
6.0@417: suspicious.obfuscation using unescape
6.0@417: suspicious.obfuscation using substring
6.0@417: pdf.exploit util.printf CVE-2008-2992
6.0@417: suspicious.warning: object contains JavaScript
202b5e163c1650692a65b6041b81d698 view report e574ecc9f8ddc2edf5e80bf71d3c67c7c7357b1f91ddc21faf8510087ffe235f 46168 6     P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
10.0@45037: pdf.exploit execute EXE file
10.0@45037: pdf.exploit access system32 directory
10.0@45037: pdf.exploit execute action command
10.0@45037: pdf.execute exe file
10.0@45037: pdf.execute access system32 directory
91f76b0e4ba7e5c932d5a7ac144eda3b view report 66c7087eee3a78dc012df0c3930e235671ee95721b82d4f320f33c1bd1136392 145310 6     P  
42.0@99532: suspicious.pdf embedded PDF file
42.0@99532: suspicious.warning: object contains embedded PDF
44.0@144121: pdf.exploit execute EXE file
44.0@144121: pdf.exploit access system32 directory
44.0@144121: pdf.exploit execute action command
44.0@144121: pdf.execute exe file
44.0@144121: pdf.execute access system32 directory
a584811dbc452cdf7596315aab640562 view report 83fa9bee5bff55cdabd503ca804d41e2de65d9b0ede87125d0f2995fad3a86fc 256947 6 J     E
1.0@16: suspicious.obfuscation using eval
1.0@16: suspicious.obfuscation using app.setTimeOut to eval code
1.0@16: suspicious.warning: object contains JavaScript
47d85b214c71512b75c9c888c7362004 view report cc05d2113b9898c528ed9aadc33a7cf47f095883251c995720b7aca4e27f9bc8 2655 12        
1712.0@2140: suspicious.obfuscation using charCodeAt
1712.0@2140: suspicious.obfuscation using String.fromCharCode
1713.0@2531: suspicious.obfuscation using eval
6674bb48ba5401bc3b91b4e888411df4 view report da62d899f3994100ded42a996220ee41d93bd28a9a15a8b033203ea76fb26fba 26981 6 J      
20.0@24900: suspicious.obfuscation using unescape
20.0@24900: suspicious.warning: object contains JavaScript