PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5  filename  size  severity  js  flash  embed  encrypt
65700af5a0575ca605f5ee2c65f433e7 view report 42d708180340532f81a5384d8437b81b59ec6da6ca661209f88b6ba4ef90b96e:/dceo/ServicesGuide/GranteeResources/Reporting/Documents/PLANNING_demonitoringchecklist.pdf: 684821 16 J      
2069.0@652073: suspicious.warning: object contains JavaScript
2070.0@652420: suspicious.javascript object
2071.0@652467: suspicious.warning: object contains JavaScript
2072.0@653177: suspicious.javascript object
2073.0@653224: suspicious.warning: object contains JavaScript
2074.0@653715: suspicious.javascript object
2079.0@654851: suspicious.javascript in XFA block
2079.0@654851: suspicious.obfuscation toString
2079.0@654851: suspicious.warning: object contains JavaScript
2573824b88e86a9e758cbd4c83acc1d3 view report 6d0fd389ae1625449730c02b18cc73dcd65ecabe5437e6b504d446c534d350ce:/courts/docs/forms/juv/cra-school-district-application-jv-088-re.pdf: 551301 16 J      
195.0@518933: suspicious.warning: object contains JavaScript
196.0@519281: suspicious.javascript object
197.0@519327: suspicious.warning: object contains JavaScript
198.0@520038: suspicious.javascript object
199.0@520084: suspicious.warning: object contains JavaScript
200.0@520576: suspicious.javascript object
205.0@521652: suspicious.javascript in XFA block
205.0@521652: suspicious.obfuscation toString
205.0@521652: suspicious.warning: object contains JavaScript
b4bdac83e30b424fec6ad08e0c89f6d7 view report 4eb99639e169d2409848ad155f7b1198c9a716f4a2a402d510b275b738727377:/1/4/e/4eb99639e169d2409848ad155f7b1198c9a716f4a2a402d510b275b738727377.file: 46362 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45124: suspicious.warning: object contains JavaScript
10.0@45231: pdf.exploit execute EXE file
10.0@45231: pdf.exploit access system32 directory
10.0@45231: pdf.exploit execute action command
10.0@45231: pdf.execute exe file
10.0@45231: pdf.execute access system32 directory
da4769ee05bee8266fca4d599f987b4e view report e4c8ffa760bd46fe74b3004c5ad4d43dad0ca6827b2ec22e37eaf6b521af37a1:/government/uploads/system/uploads/attachment_data/file/539125/Cancellation_of_a_Parallel_Import_Licence__PLPI__Form.pdf: 537405 3 J      
125.0@1204: suspicious.warning: object contains JavaScript
126.0@1695: suspicious.warning: object contains JavaScript
127.0@2042: suspicious.warning: object contains JavaScript
3c6ca45e5cd167763c778f040bae9673 view report 8cec27053b3db426d758680f40c52e59836a1330c2c2acc24b76397db555df25:085.vir: 72910 3 J      
4.0@71393: suspicious.embedded doc file
5.0@71524: suspicious.warning: object contains JavaScript
12.0@72203: suspicious.javascript object
8a17094cc7ead4aba96fcabf6bd75e1d view report 30b8b1bc5d38fa57149362cc2117403dfabd8c79d6aa82811a47a15c8a0db166:113.vir: 74668 2 J      
4.0@73249: suspicious.embedded doc file
11.0@73879: suspicious.warning: object contains JavaScript
2441574bb40b7ef043454985d696facf view report 75b8573b70e217a891280238e45542af3dfd20e6129c5622515eb6bee014e540:042.vir: 72898 3 J      
4.0@71381: suspicious.embedded doc file
5.0@71512: suspicious.warning: object contains JavaScript
12.0@72191: suspicious.javascript object
6845d4c8078e585cd77f50a908eefb8d view report f8d2105697460157ee6631e52e248ce0982c163d2eeb6239bb576205f2acdf0e:065.vir: 74639 2 J      
4.0@73220: suspicious.embedded doc file
11.0@73850: suspicious.warning: object contains JavaScript
b3c3dcc60b7721c357abfcd854779984 view report ec8b04db3831b7790ea978b2a255d7280f8b1a72bbfccfd408423f745da107b4:031.vir: 72910 3 J      
4.0@71393: suspicious.embedded doc file
5.0@71524: suspicious.warning: object contains JavaScript
12.0@72203: suspicious.javascript object
d1433c9e3dbb24deea0abc1e377e478d view report ef9fb0e51caa1698caf1a2d83c5e668b78a28027eded7d1de784415bd2cb7a9f:101.vir: 72884 3 J      
4.0@71367: suspicious.embedded doc file
5.0@71498: suspicious.warning: object contains JavaScript
12.0@72177: suspicious.javascript object
9bf05f05d1832b31af2d22f295d1f462 view report 4a320f9638b3d647cdc592afcdd89da246d7015ae9a1d7afc7c6132494f41b39:/assets/pdfs/SBB-ODP-App.pdf: 641076 33 J     E
175.0@7717: suspicious.obfuscation toString
175.0@7717: suspicious.obfuscation using substr
175.0@7717: suspicious.obfuscation using String.replace
175.0@7717: suspicious.obfuscation using substring
175.0@7717: pdf.suspicious util.printd used to fill buffers
175.0@7717: suspicious.warning: object contains JavaScript
240.0@355877: suspicious.warning: object contains JavaScript
241.0@356099: suspicious.warning: object contains JavaScript
242.0@356321: suspicious.warning: object contains JavaScript
243.0@356700: suspicious.warning: object contains JavaScript
244.0@357149: suspicious.warning: object contains JavaScript
245.0@357443: suspicious.warning: object contains JavaScript
246.0@357821: suspicious.warning: object contains JavaScript
248.0@358416: suspicious.warning: object contains JavaScript
249.0@358796: suspicious.warning: object contains JavaScript
250.0@359018: suspicious.warning: object contains JavaScript
251.0@359399: suspicious.warning: object contains JavaScript
252.0@359621: suspicious.warning: object contains JavaScript
253.0@359843: suspicious.warning: object contains JavaScript
254.0@360065: suspicious.warning: object contains JavaScript
255.0@360653: suspicious.warning: object contains JavaScript
23.0@631399: suspicious.warning: object contains JavaScript
884fd72efe0f5081ebafb91154ddd47d view report db647a3fd4e66589838e10f4e7dc5193eda48351fe62813e2eacd909ac8d3f42:Frau.pdf: 306206 13 J      
158.0@292212: suspicious.warning: object contains JavaScript
159.0@292558: suspicious.javascript object
160.0@292603: suspicious.warning: object contains JavaScript
161.0@293563: suspicious.javascript object
162.0@293608: suspicious.warning: object contains JavaScript
163.0@294098: suspicious.javascript object
168.0@295258: suspicious.javascript in XFA block
168.0@295258: suspicious.warning: object contains JavaScript
a27970c887b934ee0ac3144554731c46 view report 8daeaccdddafd2b926c270d0f6c3e436d06badce1a4c7f072c58e337935f32c9:BestComputers-UpgradeInstructions.pdf: 7222 49 J      
6.0@409: suspicious.obfuscation using unescape
6.0@409: suspicious.obfuscation using substring
6.0@409: pdf.exploit util.printf CVE-2008-2992
6.0@409: suspicious.warning: object contains JavaScript
f7e1144ba3eb9b92ec6b61b8927d42c7 view report chi invoice 3.pdf 9626540 1        
12.0@2330713: block size over 10MB
fddcc25a11ccb55312e289b32764e613 view report 5c7db8cc5749dbb337b0ff991b8c54ac019c978d0b3e0122138291504938c7f9:9ecd36870738ea1f00cf11e39be0db322ed15a20: 28567 16 J      
22.0@26612: suspicious.obfuscation using unescape
22.0@26612: suspicious.warning: object contains JavaScript