PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
340347b35937566e12b2b6bf9faad3b4 view report 3b59b592638aa5c1be1225c21de4b27529a585629080cb682493e2e472017f7d 175766 108 J      
20.0@3224: suspicious.warning: object contains JavaScript
28.0@4028: suspicious.warning: object contains JavaScript
30.0@4158: suspicious.warning: object contains JavaScript
32.0@4288: suspicious.warning: object contains JavaScript
34.0@4418: suspicious.warning: object contains JavaScript
144.0@13092: suspicious.obfuscation using String.fromCharCode
144.0@13092: suspicious.warning: object contains JavaScript
146.0@13712: suspicious.warning: object contains JavaScript
148.0@17156: suspicious.warning: object contains JavaScript
150.0@17939: suspicious.obfuscation toString
150.0@17939: suspicious.obfuscation using substr
150.0@17939: suspicious.obfuscation using String.replace
150.0@17939: suspicious.warning: object contains JavaScript
152.0@20412: suspicious.obfuscation toString
152.0@20412: suspicious.obfuscation using substr
152.0@20412: suspicious.warning: object contains JavaScript
154.0@21404: suspicious.obfuscation toString
154.0@21404: suspicious.warning: object contains JavaScript
156.0@21877: suspicious.obfuscation using String.replace
156.0@21877: suspicious.warning: object contains JavaScript
158.0@23013: suspicious.obfuscation toString
158.0@23013: suspicious.warning: object contains JavaScript
160.0@26591: suspicious.obfuscation toString
160.0@26591: suspicious.obfuscation using String.replace
160.0@26591: suspicious.warning: object contains JavaScript
162.0@28124: suspicious.obfuscation toString
162.0@28124: suspicious.obfuscation using String.replace
162.0@28124: suspicious.warning: object contains JavaScript
164.0@29882: suspicious.obfuscation toString
164.0@29882: suspicious.warning: object contains JavaScript
166.0@31497: suspicious.warning: object contains JavaScript
168.0@32386: suspicious.warning: object contains JavaScript
170.0@34727: suspicious.obfuscation toString
170.0@34727: suspicious.warning: object contains JavaScript
172.0@37426: suspicious.obfuscation using eval
172.0@37426: suspicious.obfuscation toString
172.0@37426: suspicious.warning: object contains JavaScript
174.0@41878: suspicious.obfuscation using eval
174.0@41878: suspicious.warning: object contains JavaScript
176.0@44486: suspicious.warning: object contains JavaScript
178.0@45498: suspicious.warning: object contains JavaScript
180.0@46993: suspicious.warning: object contains JavaScript
182.0@47416: suspicious.obfuscation using eval
182.0@47416: suspicious.warning: object contains JavaScript
184.0@47988: suspicious.warning: object contains JavaScript
186.0@51158: suspicious.obfuscation using eval
186.0@51158: suspicious.warning: object contains JavaScript
188.0@52103: suspicious.obfuscation toString
188.0@52103: suspicious.warning: object contains JavaScript
190.0@54097: suspicious.warning: object contains JavaScript
192.0@55858: suspicious.obfuscation using eval
192.0@55858: suspicious.obfuscation using substr
192.0@55858: suspicious.warning: object contains JavaScript
194.0@58640: suspicious.warning: object contains JavaScript
196.0@58862: suspicious.warning: object contains JavaScript
07d6b7227187b34dcd2906c7665b267d view report 9a977360c51e7b26a1109351512672c3059d6dca6c1af4e4deb424cbacd680a3 787850 6     P  
1567.0@741829: suspicious.pdf embedded PDF file
1567.0@741829: suspicious.warning: object contains embedded PDF
1569.0@786506: pdf.exploit execute EXE file
1569.0@786506: pdf.exploit access system32 directory
1569.0@786506: pdf.exploit execute action command
1569.0@786506: pdf.execute exe file
1569.0@786506: pdf.execute access system32 directory
7a25293dc3edeb5b980da77405a1e5f8 view report 7766572a3153b744624bf13345d1c181387d97383356589afb47daba8ac7b036 410464 4        
35.0@371544: suspicious.obfuscation using eval
aebbb9daf1ddcc58d6eb51e061290149 view report 30016702cc08564c780111a284a2465cff8a6d748294884692cb1d008e715ae9 32756 10 J      
46.0@8303: suspicious.obfuscation toString
46.0@8303: suspicious.obfuscation using String.fromCharCode
46.0@8303: suspicious.warning: object contains JavaScript
1a3c495047f9f5ebe10c6127220e84a0 view report fd0b808961c71dfc338da540d03332deb5a93c5ddd10827bb4b2cb9a36e5149c 9524 4 J      
111.0@3961: suspicious.javascript in XFA block
111.0@3961: suspicious.warning: object contains JavaScript
538e5f2c9f5fca226eda31d8d4d26913 view report 5d6b65d4cc9677c6ec890e7d8264b10a90343661e1e7e26b5983da591a2a6ce8 2466919 3        
1189.0@1161868: suspicious.obfuscation using eval
63a2ba1b1ec6fd4b34758e6c5d0a7618 view report 07df3a5fa513c61b4c290f8cde914f7dfc218b40c225aace1885ad1c5545c2e7 9385 5 J      
111.0@4016: suspicious.javascript in XFA block
111.0@4016: suspicious.warning: object contains JavaScript
9706449caf721e1e92a0c6f75bc4983f view report c0b004b5775f04e4445d71223377b79ac388e9797ff49d083d8abb460f3b52f0 9487 5 J      
111.0@4016: suspicious.javascript in XFA block
111.0@4016: suspicious.warning: object contains JavaScript
b11a0487086e06e320991961d4400e54 view report b50c6f41a85543f6ebaa652b819b5533dcc2bd499601979d0da8f3a86086e995 15091 17 J      
1.0@5229: suspicious.obfuscation using unescape
1.0@5229: suspicious.javascript in XFA block
1.0@5229: suspicious.obfuscation using substr
1.0@5229: suspicious.warning: object contains JavaScript
89839fa52903a365e7933a0e8efe4db7 view report inovice_AUG_8743565.pdf 15051 8 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
64c0d9614232283cb5b1cea88433fd2c view report 736d870eaeeb5c0ac4a20fbf2c3b2ceb9b39464c992e0d445ee484b99d8c94b6 9815 12 J      
9999.0@4412: suspicious.javascript in XFA block
9999.0@4412: suspicious.obfuscation using String.replace
9999.0@4412: suspicious.warning: object contains JavaScript
11222d1549a45a1e8b075cc43c6043d1 view report 3a1e9c82ab0291e68087fc5ab14ee9bf238255ca95809122cc51bc926ec306f0 10556 12 J      
9999.0@4412: suspicious.javascript in XFA block
9999.0@4412: suspicious.obfuscation using String.replace
9999.0@4412: suspicious.warning: object contains JavaScript
c99a5e39230121a815de358c9d84a5ee view report 77ba23b0d547e697333b644ec2497fed2138f04b4722ce86912b20c4e8da8397 9766 12 J      
9999.0@4412: suspicious.javascript in XFA block
9999.0@4412: suspicious.obfuscation using String.replace
9999.0@4412: suspicious.warning: object contains JavaScript
43df98cc8733ded2294c6e5bf01117fd view report 019af41acb1c99444695132ae2d3f2fa5d46e7a7bbffb2c7542886c9e1535a3b 10912 12 J      
9999.0@4412: suspicious.javascript in XFA block
9999.0@4412: suspicious.obfuscation using String.replace
9999.0@4412: suspicious.warning: object contains JavaScript
458d97c69109c9221d08914164d1a51d view report 726e40433f3d25ffaf1b1cfd2eeff11f3aaf69632dbe0fe461086e5582862e88 60334 6     P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
23.0@59358: pdf.exploit execute EXE file
23.0@59358: pdf.exploit access system32 directory
23.0@59358: pdf.exploit execute action command
23.0@59358: pdf.execute exe file
23.0@59358: pdf.execute access system32 directory