PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
cc9748d8aa48fa6979e293a6d3f2a178 view report c6aeeffd45b62c9527020bab6205587bb0a37f2f94446f79b7f0fcc4cbf0b91b 40142 6 J      
27.0@38213: suspicious.obfuscation using unescape
27.0@38213: suspicious.warning: object contains JavaScript
1b81e1edf32f8fe314bcb86ae3577c7e view report f5555e83e94f84d590396e70d09625c0fa691ec6bca9e18fc7e98376cfdb47c3 8155 7 J      
10.0@884: suspicious.javascript in XFA block
10.0@884: suspicious.warning: object contains JavaScript
02aa579aadcb8cb49b8cb0904a0d87e0 view report 1a8ab19329644b8ab476fa6f38a3ec0f67af579a695c91493c49baa044ef5526 1182 4        
5.0@241: suspicious.obfuscation toString
5.0@241: pdf.exploit execute EXE file
5.0@241: pdf.execute exe file
4a72cb4f66d844a097a39bd698fff101 view report c2cd0ad999de3b2d05d006bca18a026cc75e2b333511a8e1c3359e25040a7d04 375901 6     P  
54.0@330343: suspicious.pdf embedded PDF file
54.0@330343: suspicious.warning: object contains embedded PDF
56.0@374667: pdf.exploit execute EXE file
56.0@374667: pdf.exploit access system32 directory
56.0@374667: pdf.exploit execute action command
56.0@374667: pdf.execute exe file
56.0@374667: pdf.execute access system32 directory
d3e986e4d08158265902b60d06c7f322 view report 93ed231e2befea1e6b13d6f406c8985b7472c8662a9d868034566f9ccd0f0037 489660 6     P  
56.0@443629: suspicious.pdf embedded PDF file
56.0@443629: suspicious.warning: object contains embedded PDF
58.0@488121: pdf.exploit execute EXE file
58.0@488121: pdf.exploit access system32 directory
58.0@488121: pdf.exploit execute action command
58.0@488121: pdf.execute exe file
58.0@488121: pdf.execute access system32 directory
a1a469ecdd9c86baff7513ded9a8da50 view report 5c401c08879225182e4586b97a9891fb643779bba8f691d5ca7d87eb9f0a6031 5154679 8        
725.0@2235046: suspicious.obfuscation using eval
2847.0@4699566: suspicious.obfuscation using eval
15c32050e5a8781665d5897df7572ea0 view report e8f266f0877a4a7dfb28f8307793c56291412b8a3f07099c58b1313e5c60cc7c 174231 6     P  
44.0@128477: suspicious.pdf embedded PDF file
44.0@128477: suspicious.warning: object contains embedded PDF
46.0@172820: pdf.exploit execute EXE file
46.0@172820: pdf.exploit access system32 directory
46.0@172820: pdf.exploit execute action command
46.0@172820: pdf.execute exe file
46.0@172820: pdf.execute access system32 directory
4f576c8733edd023a49724d654bdfeec view report 82a475be229a3bfa19383b75d2cc69fc388410bf7e43ac86bf6c3ae0be0bd453 1229989 15 J      
925.0@1893: suspicious.warning: object contains JavaScript
926.0@2385: suspicious.warning: object contains JavaScript
927.0@2732: suspicious.warning: object contains JavaScript
178.0@345220: suspicious.javascript in XFA block
178.0@345220: suspicious.obfuscation toString
178.0@345220: suspicious.warning: object contains JavaScript
6b91482bf0c442b2bba48bb47068ad67 view report 17781e2a9adeb091aafa07280ab7caa87f0380dec2ee90ce64bbed722ec014cb 271253 15 J      
348.0@19340: suspicious.warning: object contains JavaScript
349.0@19831: suspicious.warning: object contains JavaScript
350.0@20178: suspicious.warning: object contains JavaScript
3.0@154874: suspicious.javascript in XFA block
3.0@154874: suspicious.obfuscation toString
3.0@154874: suspicious.warning: object contains JavaScript
d210403a9d63879c0b2acf41b6d82720 view report efefc7e889ee031e402dac2a05e6d4762144497b6007c9ef73628935d766aa4c 9940 7 J      
17.0@7556: suspicious.javascript in XFA block
17.0@7556: suspicious.warning: object contains JavaScript
611d01cdd4a4d34c0e01d306f5af2f5c view report a15506df46813db08635305ce07098226a65376c57bae017fffec3be8fde688b 17122 6     P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
23.0@16146: pdf.exploit execute EXE file
23.0@16146: pdf.exploit access system32 directory
23.0@16146: pdf.exploit execute action command
23.0@16146: pdf.execute exe file
23.0@16146: pdf.execute access system32 directory
a282a2513d7587e4780a6bf1eb387934 view report f4ca4bb17cb42fdf37e3b8e8fee3e6e70968165bfe2dad1423ab295983d35cc4 10692 30        
1.0@17: pdf.exploit TIFF overflow CVE-2010-0188
f38130ec3016c6870155dd4e10419714 view report fd0cc32f0e05c4593aab625981a41bd7065663d0269dc03a0f07a7c603928ff4 10685 30        
1.0@17: pdf.exploit TIFF overflow CVE-2010-0188
88abac8762a82025c9ea3ea071d65fe1 view report a30a48d2934eed07944235447c60deae1567c9acf0a6e688f8bea632551eaa75 408406 117 J      
2.0@15: suspicious.warning: object contains JavaScript
5.0@7476: suspicious.obfuscation toString
5.0@7476: suspicious.obfuscation using substr
5.0@7476: suspicious.obfuscation using String.replace
5.0@7476: suspicious.warning: object contains JavaScript
7.0@9691: suspicious.obfuscation toString
7.0@9691: suspicious.obfuscation using substr
7.0@9691: suspicious.warning: object contains JavaScript
9.0@10783: suspicious.obfuscation toString
9.0@10783: suspicious.warning: object contains JavaScript
11.0@11245: suspicious.obfuscation using String.replace
11.0@11245: suspicious.warning: object contains JavaScript
13.0@12360: suspicious.obfuscation toString
13.0@12360: suspicious.warning: object contains JavaScript
15.0@15982: suspicious.obfuscation toString
15.0@15982: suspicious.obfuscation using String.replace
15.0@15982: suspicious.warning: object contains JavaScript
17.0@17568: suspicious.obfuscation toString
17.0@17568: suspicious.obfuscation using String.replace
17.0@17568: suspicious.warning: object contains JavaScript
19.0@19367: suspicious.obfuscation toString
19.0@19367: suspicious.warning: object contains JavaScript
21.0@21027: suspicious.warning: object contains JavaScript
23.0@21898: suspicious.warning: object contains JavaScript
25.0@24468: suspicious.obfuscation using String.replace
25.0@24468: suspicious.obfuscation using substring
25.0@24468: suspicious.warning: object contains JavaScript
27.0@26080: suspicious.obfuscation using eval
27.0@26080: suspicious.warning: object contains JavaScript
29.0@27226: suspicious.obfuscation toString
29.0@27226: suspicious.warning: object contains JavaScript
31.0@29266: suspicious.warning: object contains JavaScript
33.0@31102: suspicious.warning: object contains JavaScript
35.0@31548: suspicious.obfuscation using eval
35.0@31548: suspicious.obfuscation using substr
35.0@31548: suspicious.warning: object contains JavaScript
37.0@35224: suspicious.warning: object contains JavaScript
39.0@35762: suspicious.warning: object contains JavaScript
41.0@36642: suspicious.obfuscation toString
41.0@36642: suspicious.obfuscation using substring
41.0@36642: suspicious.warning: object contains JavaScript
43.0@40171: suspicious.obfuscation using eval
43.0@40171: suspicious.obfuscation toString
43.0@40171: suspicious.obfuscation using substr
43.0@40171: suspicious.obfuscation using app.setTimeOut to eval code
43.0@40171: pdf.suspicious util.printd used to fill buffers
43.0@40171: suspicious.warning: object contains JavaScript
45.0@45073: suspicious.obfuscation using eval
45.0@45073: suspicious.obfuscation using substr
45.0@45073: suspicious.obfuscation using substring
45.0@45073: suspicious.warning: object contains JavaScript
47.0@50144: suspicious.warning: object contains JavaScript
49.0@52499: suspicious.obfuscation using eval
49.0@52499: suspicious.obfuscation using substring
49.0@52499: pdf.suspicious util.printd used to fill buffers
49.0@52499: suspicious.warning: object contains JavaScript
51.0@56424: suspicious.obfuscation toString
51.0@56424: suspicious.obfuscation using app.setTimeOut to eval code
51.0@56424: suspicious.warning: object contains JavaScript
53.0@59274: suspicious.obfuscation using eval
53.0@59274: suspicious.warning: object contains JavaScript
55.0@60034: suspicious.obfuscation using app.setTimeOut to eval code
55.0@60034: suspicious.warning: object contains JavaScript
57.0@64333: suspicious.obfuscation using substring
57.0@64333: suspicious.warning: object contains JavaScript
59.0@66348: suspicious.warning: object contains JavaScript
61.0@66611: suspicious.obfuscation using substring
61.0@66611: pdf.suspicious util.printd used to fill buffers
61.0@66611: suspicious.warning: object contains JavaScript
1096.0@136400: suspicious.warning: object contains JavaScript
47088fae490cc35ebe136b4515c9b88c view report e0f3f89c4cfd0027ac457ef72e9f864f7643668b7568af00c4f26983b844936c 4470 3 J      
6.0@3454: suspicious.warning: object contains JavaScript
16.0@3582: suspicious.warning: object contains JavaScript
26.0@3713: suspicious.warning: object contains JavaScript