PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
cea172096fcbe4ea8148ab89484516ab view report Concept of Programming Languages 10th Edition.pdf 3337733 6        
180.0@785461: suspicious.obfuscation using eval
694.0@1287818: suspicious.obfuscation using eval
6658450a2bdd9ee12a13d1cf667ce923 view report cfeac7808e4d909521e5a8b82d0688d0446b2cf619c50309fb9349a3dffb6d7e:pptx.v#c.pdf: 41450 1        
30.0@22172: suspicious.embedded external content
bf1b42fcee3ce3360d28597fae794af9 view report 0ce0c25cc3cca975a0feec92b875e2ceb7b0f79b541e4f3eebd0cbdb5e04bf5a:pablo.pdf: 1007 1 J      
7.0@677: suspicious.warning: object contains JavaScript
0a997f813318dea749e3bd5cc0cd631f view report c2766a292c8896280021f9a7578b611bb5dd5b37cb37d43068ebec22b7722ca4:MM FRESH REPORT.pdf: 22724 1        
17.0@5099: suspicious.embedded external content
94ed563aa1f071af04b5b6e30860cdfe view report 8fba55caf2480976b314617c4e0b628e294e8c45e9689a357fe52742de38533d:b120b6c423c06bf738a78acd5a62cb5592abfb7a: 447698 19 J      
21.0@5916: suspicious.warning: object contains JavaScript
22.0@6405: suspicious.warning: object contains JavaScript
23.0@6749: suspicious.warning: object contains JavaScript
26.0@15109: suspicious.javascript in XFA block
26.0@15109: suspicious.obfuscation toString
26.0@15109: suspicious.obfuscation using String.replace
26.0@15109: suspicious.warning: object contains JavaScript
94f4e82aa865155d884d9478815a4f52 view report abc14f4a67f58d6384dcc9a8115f77147f143d25a47b48a99a5a0dd96e15e284:MB Freshdirect Report .pdf: 22680 1        
17.0@5082: suspicious.embedded external content
e05be34484b2561ce7296b1ce26546e6 view report 1d37ef46ada0b8a285def7a8df32eae81c47580d5db87d5a945e5b015b9c2dfc:afa69dadeb2b76fb5df936c4d2dd017db351f43c: 82012 1 J      
3.0@331: suspicious.warning: object contains JavaScript
b7efda8ba8af3e408dd7c519b231a4ac view report 4b8a93bf05392f95241cacfe899323b29cb57da70d283172afd5645cb9a838fd:template.pdf: 5904 49 J      
6.0@409: suspicious.obfuscation using unescape
6.0@409: suspicious.obfuscation using substring
6.0@409: pdf.exploit util.printf CVE-2008-2992
6.0@409: suspicious.warning: object contains JavaScript
c94d5b95c4deb2fc4a86af6189878c9f view report f2c905cf64070b785837d0552a77db5655bde85a24dbac7fc113708700c7fbbb:05cf64070b785837d0552a77db5655bde85a24dbac7fc113708700c7fbbb.bin: 40869 1        
30.0@22097: suspicious.embedded external content
2c05e9969a8453f3d6160e288bc34329 view report 29dd8395824a00e59b4eee86b8247944c5a6a077f689a354b139fb0e9cb5a7a0:42ia15.pdf: 17398 2        
3.0@9: suspicious.embedded external content
5.0@2117: suspicious.embedded external content
f293b83faa2916804172fa3182334b89 view report 790e594972a52e3d722fb305550d2cfa0bf311cc14512bc5da277ac8f5d124b7:st machinery.pdf: 34966 1        
29.0@16739: suspicious.embedded external content
b81d9e39f2859897a5bf5c5c5d2eec8e view report 1e4680db45264ac580ec9e8d91962d7c15a9de30442a884d2b151997042513bf:b81d9e39f2859897a5bf5c5c5d2eec8e: 405510 9 J      
1.0@1015: suspicious.obfuscation using charCodeAt
1.0@1015: suspicious.javascript in XFA block
1.0@1015: suspicious.obfuscation using String.fromCharCode
1.0@1015: suspicious.obfuscation using substring
1.0@1015: suspicious.string -shellcode-
1.0@1015: block size over 10MB
1.0@1015: suspicious.warning: object contains JavaScript
f65dc80202af85b619949bfcc008c803 view report 9016a3e557b4eeae8e3b04b7cc7e4cc4b76eb74b127d919ca77b4d993e08834a:exploit-CVE-2017-windows.pdf: 181867 7 J   P  
31.0@136544: suspicious.pdf embedded PDF file
31.0@136544: suspicious.warning: object contains embedded PDF
32.0@180822: suspicious.warning: object contains JavaScript
33.0@180931: pdf.exploit execute EXE file
33.0@180931: pdf.exploit access system32 directory
33.0@180931: pdf.exploit execute action command
33.0@180931: pdf.execute exe file
33.0@180931: pdf.execute access system32 directory
b2bc38271e1dbf01af7deb5d687c9543 view report 7ee7753bed8c36554dc02f983af2ae18c53d1a95e57f36c56d67419cf337295d:payload.pdf: 46265 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45027: suspicious.warning: object contains JavaScript
10.0@45134: pdf.exploit execute EXE file
10.0@45134: pdf.exploit access system32 directory
10.0@45134: pdf.exploit execute action command
10.0@45134: pdf.execute exe file
10.0@45134: pdf.execute access system32 directory
0ede346014fc79036738887a76070bf0 view report 83544da959e6385988045b5bbaa0a07f1ba4450d2aca9ede643a77161d1c5172:0ede346014fc79036738887a76070bf0.virobj: 36852 2        
3.0@9: suspicious.embedded external content
5.0@610: suspicious.embedded external content