PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
7dc172e9c20833689d9cb306dc044f86 view report sage_invoice_3074381_09042014.pdf 20287 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
f463313a42a8b915e12be7b37bf7a1e1 view report 1bf8b76038d3281b89b8d86d428fba608f8dfddae81d143f2f5d0cfd0836379d 13219 13 J      
8.0@181: suspicious.javascript in XFA block
8.0@181: suspicious.obfuscation using substr
8.0@181: suspicious.warning: object contains JavaScript
17.0@12913: suspicious.warning: object contains JavaScript
d59b8ca519d76eebcffb8cf4a8deaed8 view report Wells-confidential_doc.pdf 20082 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
bc9ad4d5cef433bc8d101b7748a1cf8f view report 2b18f6da16a31741129807a40660953e5f4d0049901e745f40f6f7ce15d6e773 20335 18 J      
1.0@76: suspicious.javascript in XFA block
1.0@76: suspicious.obfuscation using String.fromCharCode
1.0@76: suspicious.obfuscation using String.replace
1.0@76: suspicious.obfuscation using substring
1.0@76: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@76: block size over 10MB
1.0@76: suspicious.warning: object contains JavaScript
b63ce5df21c6b0bf2296388fb3f056a5 view report 237defe4db5e54eba57c1dde110dbd7e9d5a83e96c7060419f8c38af829cca2f 6646 49 J      
6.0@423: suspicious.obfuscation using unescape
6.0@423: suspicious.obfuscation using substring
6.0@423: pdf.exploit util.printf CVE-2008-2992
6.0@423: suspicious.warning: object contains JavaScript
d59b8ca519d76eebcffb8cf4a8deaed8 view report invoice_44097351.pdf 20082 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
7dc172e9c20833689d9cb306dc044f86 view report ar01_456746_09042014.pdf 20287 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
d59b8ca519d76eebcffb8cf4a8deaed8 view report invoice_44097351.pdf 20082 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
4c57457694bf1c20bcaa006e0cb310f9 view report 4c57457694bf1c20bcaa006e0cb310f9.pdf 20359 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
7dc172e9c20833689d9cb306dc044f86 view report 7dc172e9c20833689d9cb306dc044f86.pdf 20287 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
ee3c215dfaac67a4a69a74d9a0a3c422 view report ed1356024d59e5f65d4fe2c79f0e7a6ef0aabaec3fc1dac079ddc2e981050c73 20097 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
d36c4d4761baea30b0cfe00f7e873bae view report f7be983714a90b299bb3013e947961962d195a7a83cc3164869182c504345275 13145 13 J      
8.0@283: suspicious.javascript in XFA block
8.0@283: suspicious.obfuscation using substr
8.0@283: suspicious.warning: object contains JavaScript
17.0@12839: suspicious.warning: object contains JavaScript
e77f7508629fa40b0404bb003c9e4157 view report 2b9ecd7e14190441644eb2fed37d21f64c5102d5a10607666193dd52d8922038 32859 5 J      
8.0@138: suspicious.javascript in XFA block
8.0@138: suspicious.warning: object contains JavaScript
cc0f6d37cce686590aeddb4728a10133 view report f7956c86f0a6f4be32260888e1692640d867a8cd2df3bfef89151ab3c006b39c 4161 4 J      
13.0@892: suspicious.obfuscation using eval
13.0@892: suspicious.warning: object contains JavaScript
7dc172e9c20833689d9cb306dc044f86 view report BACS_Transfer_JS03848377.pdf 20287 18 J      
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using String.replace
1.0@15: suspicious.obfuscation using substring
1.0@15: pdf.exploit BMP RLE integer heap overflow CVE-2013-2729
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript