PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
85e883304a3b1f9251ff6222e026f27e view report e5f82b34171320ff519e3cb2c733487b477e9400b8c99309c8b8c5fc296330ee 2048000 7 J      
1.0@3729: suspicious.javascript in XFA block
1.0@3729: suspicious.warning: object contains JavaScript
-1.-1@6989: suspicious.warning: end of file contains content
5e0399ae8be64309d67d18d87b1ab4ff view report e96150f3e5bc2fa6eea0ad438850264ad248fa79de7b7b8fe188b19532aebb81 68176 4 J      
8.0@138: suspicious.javascript in XFA block
8.0@138: suspicious.warning: object contains JavaScript
a02f2766a2fd294b158aee72713667e0 view report ed154e6cbb0d214ffd4d81f9c7003c07b50cbbb26c06d3d3e5c29ac349793318 75200 19 J      
171.0@998: suspicious.warning: object contains JavaScript
172.0@1484: suspicious.warning: object contains JavaScript
173.0@1830: suspicious.warning: object contains JavaScript
6.0@21258: suspicious.javascript in XFA block
6.0@21258: suspicious.obfuscation using String.replace
6.0@21258: suspicious.obfuscation using substring
6.0@21258: suspicious.warning: object contains JavaScript
4b05074d5168452c5823aca640ce1adc view report a149dc3ac94a2610420fa9154d8df8e87b6c5cd3a116888cc91adf3a16419c44 82273 8 J      
1.0@16: suspicious.javascript in XFA block
1.0@16: suspicious.obfuscation using String.fromCharCode
1.0@16: suspicious.obfuscation using String.replace
1.0@16: suspicious.obfuscation using substring
1.0@16: block size over 10MB
1.0@16: suspicious.warning: object contains JavaScript
8d3ff87f9f60e5d11b0e5f54a19e68e6 view report 420ea9d41a737785704e34c0123e0f8af43697ae7d0854ef2ee254920b86f79a 430645 6     P  
49.0@146321: suspicious.pdf embedded PDF file
49.0@146321: suspicious.warning: object contains embedded PDF
51.0@429531: pdf.exploit execute EXE file
51.0@429531: pdf.exploit access system32 directory
51.0@429531: pdf.exploit execute action command
51.0@429531: pdf.execute exe file
51.0@429531: pdf.execute access system32 directory
289fe0a70b75108f3de72b12459efe1f view report 36dabda32468111675d2adb4181f718f88f77010fa9f4112affe0c4202f645ed 2401636 2 J      
1864.0@2124308: suspicious.warning: object contains JavaScript
1973.0@2138051: suspicious.warning: object contains JavaScript
af8f8c4cdeb18b01aa67db60a9789bc7 view report ff789f7f666ef55cc533c0ec159397a018b4a1fe5ae96e749be0ed5a1d571855 9308 10        
13.0@2605: pdf.exploit URI directory traversal
13.0@2605: pdf.exploit URI directory traversal system32
15.0@2779: pdf.exploit URI directory traversal
15.0@2779: pdf.exploit URI directory traversal system32
17.0@2953: pdf.exploit URI directory traversal
17.0@2953: pdf.exploit URI directory traversal system32
20.0@3176: pdf.exploit URI directory traversal
20.0@3176: pdf.exploit URI directory traversal system32
22.0@3351: pdf.exploit URI directory traversal
22.0@3351: pdf.exploit URI directory traversal system32
9d22478d0e0cdbe74766c8b9ec113a94 view report 7c5ccc0fa3726d8ca8f7b8196f524dcb3c8e9017896fafe0281716d72e711993 9308 10        
13.0@2605: pdf.exploit URI directory traversal
13.0@2605: pdf.exploit URI directory traversal system32
15.0@2779: pdf.exploit URI directory traversal
15.0@2779: pdf.exploit URI directory traversal system32
17.0@2953: pdf.exploit URI directory traversal
17.0@2953: pdf.exploit URI directory traversal system32
20.0@3176: pdf.exploit URI directory traversal
20.0@3176: pdf.exploit URI directory traversal system32
22.0@3351: pdf.exploit URI directory traversal
22.0@3351: pdf.exploit URI directory traversal system32
348178bb599cdadbd0f8427756fd4006 view report 775b5a7d34b8753320bb3d5c62d881edaa0e2492699b978306aa7ec9d24159da 40523 6 J      
27.0@38456: suspicious.obfuscation using unescape
27.0@38456: suspicious.warning: object contains JavaScript
6369b468319972e968dc229bcbb1b163 view report fa20370636071072654afccbde0945e33be22363c3c080c73c7c870bbe5a523d 14712950 6     P  
507.0@14667555: suspicious.pdf embedded PDF file
507.0@14667555: suspicious.warning: object contains embedded PDF
509.0@14712024: pdf.exploit execute EXE file
509.0@14712024: pdf.exploit access system32 directory
509.0@14712024: pdf.exploit execute action command
509.0@14712024: pdf.execute exe file
509.0@14712024: pdf.execute access system32 directory
159bb99e198747d92bc3772f5d94fa15 view report 95117ec09adfac7c9920ebf9c4059d8fed866eeec4aaf97ccbfcce41df2d3308 150509 55 J      
17.0@963: suspicious.obfuscation getAnnots access blocks
38.0@144575: suspicious.obfuscation getAnnots access blocks
39.0@144677: suspicious.obfuscation using unescape
39.0@144677: suspicious.obfuscation using substring
39.0@144677: suspicious.string Shellcode NOP sled
39.0@144677: pdf.exploit util.printf CVE-2008-2992
39.0@144677: suspicious.warning: object contains JavaScript
-1.-1@150333: suspicious.warning: end of file contains content
8fa7c7bcdc9adec6aee6ae8309c19e4b view report 58dec690346c4acdff7cd018e3e369119349ffacd32e443d9b9d2a8823e16991 13179 5 J      
121.0@3464: suspicious.javascript in XFA block
121.0@3464: suspicious.warning: object contains JavaScript
ddf1d027b66573556d453a29b263bedc view report d5b964f9f016288ca69d38364e5af7db090259bab6b95d34a7d1a3ac3720c9d7 14896 4 J      
111.0@3464: suspicious.javascript in XFA block
111.0@3464: suspicious.warning: object contains JavaScript
fa6b0a1dbc94c45a38c82f4ce2c756d6 view report bd8eb9ece41da6b631f1b63199358191b73f2f3a69603b24898175b6bf08fdf6 14734 4 J      
111.0@3464: suspicious.javascript in XFA block
111.0@3464: suspicious.warning: object contains JavaScript
2a3ef361f9ef0f4cca4741e25564e1c7 view report 69a179f4b5fe942a51e2715501fcb836d0df34d9c9cbd7b40a72fce9c816b422 14684 4 J      
111.0@3464: suspicious.javascript in XFA block
111.0@3464: suspicious.warning: object contains JavaScript