PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
ddea16f095ca60414ee715aa20c95fe5 view report amazon_order_confirmation.pdf 14560 8 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
ddea16f095ca60414ee715aa20c95fe5 view report aa_ticket_QB38810882CA.pdf 14560 8 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
594dad75742ca50311455d1bf3ee2563 view report APT9002.pdf 24684 2 J      
14.0@751: suspicious.obfuscation using unescape
14.0@751: suspicious.warning: object contains JavaScript
b3dfb86daab1ce882e599b8b61c400e5 view report APT9001.pdf 21124 2 J      
6.0@489: suspicious.obfuscation using unescape
6.0@489: suspicious.warning: object contains JavaScript
f2bf6b87b5ab15a1889bddbe0be0903f view report APT9001.pdf 21284 19 J      
6.0@587: suspicious.obfuscation using unescape
6.0@587: suspicious.obfuscation using substring
6.0@587: suspicious.warning: object contains JavaScript
6b792bfa3e96d4cdf64a5d995360f4a4 view report InvoiceID-CTYWZ0MKQN88NWML8N.pdf 14628 8 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
e21564c4cbe4df729a912c4d9db49216 view report a3b4756bd8c742773182500e328170bf9ebf997d5db603ab851afef116eb979f 385310 2        
0.0@380504: suspicious.obfuscation using eval
0.0@380504: suspicious.obfuscation using String.fromCharCode
-1.-1@380575: suspicious.warning: end of file contains content
3fec3d1681deed34268ac8b6edb3ac5f view report 403e717fe964e4e3fe217f7e7ec1cd0c82cff67b902c1b924919fe3f0941e3d2 246823 2        
0.0@242017: suspicious.obfuscation using eval
0.0@242017: suspicious.obfuscation using String.fromCharCode
-1.-1@242088: suspicious.warning: end of file contains content
fcb0b8fd24386e4e51147469a1d6f15c view report 317c988100fc4e281f55cc971358bb8354e48829ac3eee94aa1344b3e3d268dc 244775 2        
0.0@239969: suspicious.obfuscation using eval
0.0@239969: suspicious.obfuscation using String.fromCharCode
-1.-1@240040: suspicious.warning: end of file contains content
a3e7120fa48a76c5c8cf67902cbc2835 view report 4e256eacce9da42d384877058eedc5914754633a62e32827fc43b0634e1f2f8e 245586 2        
0.0@240780: suspicious.obfuscation using eval
0.0@240780: suspicious.obfuscation using String.fromCharCode
-1.-1@240851: suspicious.warning: end of file contains content
d8110e6f544714a2a5b9c755f0265baa view report 21585e09e373034f9b5f6f64f69b9dc19451c48a24e7ff9c663b85ceb7230f98 244855 2        
0.0@240049: suspicious.obfuscation using eval
0.0@240049: suspicious.obfuscation using String.fromCharCode
-1.-1@240120: suspicious.warning: end of file contains content
cb76bdea1767817f39346e04cfb6792d view report 6e7f2b14aa53d602df7ef4a2912ef3151c24dcf1659bcea23b1198a62858dd45 244732 2        
0.0@239926: suspicious.obfuscation using eval
0.0@239926: suspicious.obfuscation using String.fromCharCode
-1.-1@239997: suspicious.warning: end of file contains content
3ddc2fb17387b1b33479f5ad7892333d view report ad0567fcded1f044c165d242953a8e325e9c560be48eb92eda4c348c5124d9d3 244732 2        
0.0@239926: suspicious.obfuscation using eval
0.0@239926: suspicious.obfuscation using String.fromCharCode
-1.-1@239997: suspicious.warning: end of file contains content
e0129a4c3eddb9c91360e8a1e5922eee view report f113868028d0c31996d7019809c4de423a33208c030ef3da9e68547082147deb 247622 2        
0.0@242816: suspicious.obfuscation using eval
0.0@242816: suspicious.obfuscation using String.fromCharCode
-1.-1@242887: suspicious.warning: end of file contains content
420aec5c2d2ef7abfd4cca76c612e667 view report 2dbf78059481450a77bf3d4464b0d769584c3af5712d28b084eefc4d7396a40c 3533 82 J      
6.0@419: suspicious.obfuscation using unescape
6.0@419: suspicious.obfuscation using substring
6.0@419: pdf.suspicious util.printd used to fill buffers
6.0@419: pdf.exploit media.newPlayer CVE-2009-4324
6.0@419: suspicious.warning: object contains JavaScript