PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
f2bf6b87b5ab15a1889bddbe0be0903f view report APT9001.pdf 21284 19 J      
6.0@587: suspicious.obfuscation using unescape
6.0@587: suspicious.obfuscation using substring
6.0@587: suspicious.warning: object contains JavaScript
88020433681b0ef91512f80d3da57d7b view report b2c42a07e0b5fc4fcff835556cc9b92fffbccd1fe3e43f4f24e8d7b22db0e674 1175901 6     P  
916.0@1169275: suspicious.pdf embedded PDF file
916.0@1169275: suspicious.warning: object contains embedded PDF
918.0@1170328: pdf.exploit execute EXE file
918.0@1170328: pdf.exploit access system32 directory
918.0@1170328: pdf.exploit execute action command
918.0@1170328: pdf.execute exe file
918.0@1170328: pdf.execute access system32 directory
013000bc0787e14b2f9bad02d2115225 view report 44b72298761c25325548b7f857a5428cdacc96060d60d0d8507b7b22093fdb6f 411216 6     P  
56.0@365771: suspicious.pdf embedded PDF file
56.0@365771: suspicious.warning: object contains embedded PDF
58.0@410125: pdf.exploit execute EXE file
58.0@410125: pdf.exploit access system32 directory
58.0@410125: pdf.exploit execute action command
58.0@410125: pdf.execute exe file
58.0@410125: pdf.execute access system32 directory
1d6d3a6a814661a97c09e8b4f828891a view report fc1220d1af94abef7a1234098fda8100c12feaeb2b6bec39fc819d534febc12e 38572 29 J F    
6.0@245: suspicious.obfuscation using String.fromCharCode
6.0@245: suspicious.obfuscation using substring
6.0@245: suspicious.warning: object contains JavaScript
7.0@1837: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@1989: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@1989: suspicious.flash Embedded Flash define obj
9.0@2111: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@2192: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@2252: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@2431: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@2431: suspicious.flash Embedded Flash define obj
15.0@2540: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@2540: suspicious.flash Embedded Flash define obj
16.0@2638: suspicious.flash addFrameScript
16.0@2638: suspicious.flash Embedded Flash
16.0@2638: suspicious.flash Embedded Flash define obj
0fa3d597b0e3c0fb95b22c0635b156be view report 0eb0fe185bebb207b27ff1b30dff27199204fc877e153f46a7d048cdb91059ce 36007 25 J F    
6.0@261: suspicious.obfuscation using String.fromCharCode
6.0@261: suspicious.obfuscation using substring
6.0@261: suspicious.warning: object contains JavaScript
7.0@2721: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@2873: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@2873: suspicious.flash Embedded Flash define obj
9.0@2995: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@3076: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@3136: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@3315: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@3315: suspicious.flash Embedded Flash define obj
15.0@3424: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@3424: suspicious.flash Embedded Flash define obj
16.0@3522: suspicious.flash Embedded Flash
16.0@3522: suspicious.flash Embedded Flash define obj
4fd0f82a673e97e9096dd07ef7716f7d view report f7013e6ec9acc826449b0726f25ca4be65d44bcd0994ba2b0dbb1965e651bbe3 1564 5 J      
5.0@271: suspicious.obfuscation toString
5.0@271: suspicious.obfuscation using substring
5.0@271: suspicious.warning: object contains JavaScript
-1.-1@1409: suspicious.warning: end of file contains content
f14a74f08adc141b023fd0f59ffd7f9b view report f02afbc20656e8c27dbb4e3e23716fb1c26250fbff15d08e8dd7b4a7462b1a3d 1219151 6     P  
916.0@1169280: suspicious.pdf embedded PDF file
916.0@1169280: suspicious.warning: object contains embedded PDF
918.0@1213572: pdf.exploit execute EXE file
918.0@1213572: pdf.exploit access system32 directory
918.0@1213572: pdf.exploit execute action command
918.0@1213572: pdf.execute exe file
918.0@1213572: pdf.execute access system32 directory
59bcfd9ed3442e0cb49dda3863669a6e view report c8d347e793d99318b799f55bb1f9a6fa8b1e4d8734e41c8f983765fbc749f677 185199 91 J      
106.0@181462: suspicious.obfuscation using unescape
106.0@181462: suspicious.obfuscation using charCodeAt
106.0@181462: suspicious.string nopblock
106.0@181462: suspicious.obfuscation using String.fromCharCode
106.0@181462: suspicious.obfuscation using substring
106.0@181462: pdf.exploit Collab.getIcon CVE-2009-0927
106.0@181462: suspicious.warning: object contains JavaScript
da46744f60ca3485fe1667576ad806f1 view report 6fce37e61573417898cc5b68df3d86ef42be267e7ec53c7cca3a76bd0482a18d 872962 85 J      
42.0@870957: suspicious.obfuscation using unescape
42.0@870957: suspicious.obfuscation using String.replace
42.0@870957: suspicious.obfuscation using substring
42.0@870957: pdf.suspicious util.printd used to fill buffers
42.0@870957: pdf.exploit media.newPlayer CVE-2009-4324
42.0@870957: suspicious.warning: object contains JavaScript
cf5eaa0a5ae4c5463f025a2de9f36979 view report 17fec48e2eab1cd08b1ca13bd96e7ec2920343f10a74b4e55dcc9d2d9d58af73 346020 52 J      
22.0@338525: suspicious.obfuscation using unescape
22.0@338525: suspicious.obfuscation using String.fromCharCode
22.0@338525: suspicious.obfuscation using String.replace
22.0@338525: pdf.exploit Collab.getIcon CVE-2009-0927
22.0@338525: suspicious.warning: object contains JavaScript
-1.-1@337482: suspicious.warning: end of file contains content
c606a4a1e9bebeca01cbe6a6acf6b68f view report aa0c92f1e91c4980dfaa45173ef2570bc74f2e431325841e629c9aa216e2838d 1576 5 J      
5.0@271: suspicious.obfuscation toString
5.0@271: suspicious.obfuscation using substring
5.0@271: suspicious.warning: object contains JavaScript
-1.-1@1421: suspicious.warning: end of file contains content
c3d002d97f3d3fe79127835fc2cc4a9d view report 663f2f39b90f12049b12e406cd7b64eb8d5cec943cdeffd7c7a549fa462cb9d5 36033 25 J F    
6.0@261: suspicious.obfuscation using String.fromCharCode
6.0@261: suspicious.obfuscation using substring
6.0@261: suspicious.warning: object contains JavaScript
7.0@2747: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@2899: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@2899: suspicious.flash Embedded Flash define obj
9.0@3021: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@3102: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@3162: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@3341: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@3341: suspicious.flash Embedded Flash define obj
15.0@3450: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@3450: suspicious.flash Embedded Flash define obj
16.0@3548: suspicious.flash Embedded Flash
16.0@3548: suspicious.flash Embedded Flash define obj
27ae0314727d395c838ff28ce35922c0 view report 5e4c4fa9c6da1f5a3dfef8601ce0c3a85dc0d35d1a84f3e6158c328fa7ed45d8 30730 20 J      
6.0@245: suspicious.obfuscation using String.fromCharCode
6.0@245: suspicious.obfuscation using substring
6.0@245: suspicious.warning: object contains JavaScript
7.0@1865: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@2017: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@2017: suspicious.flash Embedded Flash define obj
9.0@2139: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@2220: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@2280: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@2459: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@2459: suspicious.flash Embedded Flash define obj
15.0@2568: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@2568: suspicious.flash Embedded Flash define obj
ecf8cf4ec963f875b317363c27196bec view report 98b58cc21fb822949ee2b32f1727291069889cd852f4255d19d2e326180db243 6329 22 J      
10.0@605: suspicious.javascript in XFA block
10.0@605: suspicious.warning: object contains JavaScript
11.0@1227: suspicious.obfuscation using eval
11.0@1227: suspicious.obfuscation using substr
11.0@1227: suspicious.obfuscation using String.replace
14.0@2106: suspicious.obfuscation using String.fromCharCode
99152698c8807f1f3453a2a83bee8cce view report 9dbfee7f802198f1e4b0d7de4cc8ea74c8f2595d81ea37ae87616bb35d30f3be 1430 5 J      
5.0@271: suspicious.obfuscation toString
5.0@271: suspicious.obfuscation using substring
5.0@271: suspicious.warning: object contains JavaScript