PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
3014271f91501297f1f65706383e8afa view report 4913af985f87ea198dd051738a72148cd6bd28dec780f595cdd2cea98ec4f841 128974 6     P  
20.0@83334: suspicious.pdf embedded PDF file
20.0@83334: suspicious.warning: object contains embedded PDF
22.0@127715: pdf.exploit execute EXE file
22.0@127715: pdf.exploit access system32 directory
22.0@127715: pdf.exploit execute action command
22.0@127715: pdf.execute exe file
22.0@127715: pdf.execute access system32 directory
f2bf6b87b5ab15a1889bddbe0be0903f view report APT9001.pdf 21284 19 J      
6.0@587: suspicious.obfuscation using unescape
6.0@587: suspicious.obfuscation using substring
6.0@587: suspicious.warning: object contains JavaScript
ed89a01771a6a5f306381b9c015fb315 view report 33c387f594d10b07d2b1aded027a619223ee96204ddd356ca43a8239237d6413 7248 49 J      
6.0@409: suspicious.obfuscation using unescape
6.0@409: suspicious.obfuscation using substring
6.0@409: pdf.exploit util.printf CVE-2008-2992
6.0@409: suspicious.warning: object contains JavaScript
232b77707de59556165530105f6ea45b view report 091364da4b259d469b97cf1617471d08301c076b3155aafb5d3e682006bd9af7 6836 49 J      
6.0@403: suspicious.obfuscation using unescape
6.0@403: suspicious.obfuscation using substring
6.0@403: pdf.exploit util.printf CVE-2008-2992
6.0@403: suspicious.warning: object contains JavaScript
8cba2a0e1f68e004ecff64ceda63b161 view report c92799163da32fe40357988073c2151b36eb4d5679dcea1b959af7b3500bc8f2 6681 79 J      
5.0@368: suspicious.obfuscation using unescape
5.0@368: suspicious.obfuscation using substring
5.0@368: pdf.exploit Collab.getIcon CVE-2009-0927
5.0@368: suspicious.warning: object contains JavaScript
3a4e2ce5c7419fabe67b1d739bb18213 view report cc1528abcc7b8151a17cea4358079e7ff3106320782008cbc86c66b9ff4d72cf 3474 17 J      
1.0@15: suspicious.obfuscation using charCodeAt
1.0@15: suspicious.obfuscation using eval
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.warning: object contains JavaScript
9fe041c1a280564a2ccd44613df755b8 view report 42a56c33426ddb54d16fd06928e5190167f0d406e702a6013a43c7cbabc0adc5 2543 52 J      
1.0@15: suspicious.obfuscation using unescape
1.0@15: suspicious.obfuscation using substring
1.0@15: suspicious.string Shellcode NOP sled
1.0@15: pdf.exploit util.printf CVE-2008-2992
1.0@15: suspicious.warning: object contains JavaScript
8507366c6a9376d71e4605e4fa5918e8 view report 5282afc4795d187284563d9a86727b801f1478f951e6d23a85fb765590b959e1 3481 17 J      
1.0@15: suspicious.obfuscation using charCodeAt
1.0@15: suspicious.obfuscation using eval
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.warning: object contains JavaScript
5db073e5c132375e9f7b9fa77fdd12ea view report 55bcd74b-fa1c-4cbf-a5b6-fd714f6a7cd4.pdf 614204 2 J      
407.0@550379: suspicious.warning: object contains JavaScript
411.0@552050: suspicious.warning: object contains JavaScript
d96cb7a0f1504e5ff19b44f0ae68fcd1 view report 67c939d8fbd0c34a6f84beeecdcf2de0a62df5803468009efc8fecd4bc6dc1e7 8367 12 J      
8.0@2762: suspicious.javascript in XFA block
8.0@2762: suspicious.obfuscation using String.replace
8.0@2762: suspicious.warning: object contains JavaScript
461bf7ec7e80d9c6e4077204eaa2593a view report ff9c4409b1107ceea5345f2c041615dd68a47a1f816c6cad86f21b81153e8fee 33605 39 J F    
6.0@320: suspicious.obfuscation using unescape
6.0@320: suspicious.obfuscation using substring
6.0@320: suspicious.string Shellcode NOP sled
6.0@320: suspicious.string heap spray shellcode
6.0@320: suspicious.warning: object contains JavaScript
7.0@4118: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@4317: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
9.0@4464: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@4576: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@4661: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@4961: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@5085: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
16.0@5204: flash.exploit CVE-2010-3654
16.0@5204: suspicious.flash addFrameScript
16.0@5204: suspicious.flash Embedded Flash
16.0@5204: suspicious.flash Embedded Flash define obj
94d9c6f0bbab3d6883c1f2c35b8fffe7 view report f41acf72ea6ff4a2ac6e5c8f3072ca3961cec2a82f6076fc60755e8d1f2e91f7 9920 5 J      
27.0@7195: suspicious.obfuscation using eval
27.0@7195: suspicious.warning: object contains JavaScript
cfa12360c77c549af147aaf6143ba6c5 view report 8481fdc8871628e76da71f07408faaac3a6636b9cccb81def847cb67cff3b4aa 7199 49 J      
6.0@417: suspicious.obfuscation using unescape
6.0@417: suspicious.obfuscation using substring
6.0@417: pdf.exploit util.printf CVE-2008-2992
6.0@417: suspicious.warning: object contains JavaScript
f6e6dea476492f3d72acc70fe4fd4c14 view report f9072556ccad50e3826e4bd91a8c8abc7b8394307f4ec8f3c313c2c89bb3aa92 6007 49 J      
6.0@433: suspicious.obfuscation using unescape
6.0@433: suspicious.obfuscation using substring
6.0@433: pdf.exploit util.printf CVE-2008-2992
6.0@433: suspicious.warning: object contains JavaScript
c80598448ca0c0f1f59920ecb90f5cb8 view report d496a02bb7c520cfa61e50fb75768dcfd0bb544eb9a9f363c95e6cfee53e653c 6264 49 J      
6.0@401: suspicious.obfuscation using unescape
6.0@401: suspicious.obfuscation using substring
6.0@401: pdf.exploit util.printf CVE-2008-2992
6.0@401: suspicious.warning: object contains JavaScript