PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
862e3ab99c1677395327c8f6bd28b0e9 view report 5581 986611 12 J      
3.0@4756: suspicious.javascript in XFA block
3.0@4756: suspicious.warning: object contains JavaScript
42.0@982173: suspicious.warning: object contains JavaScript
43.0@982650: suspicious.warning: object contains JavaScript
44.0@982996: suspicious.warning: object contains JavaScript
136d12876c9bcb8c5a1429c0aebdd76e view report 432d6d64937ea41e98c2288ab0f5cd384fdc936eb7429b73bdff220466011721:/forms/Expert%20Service%20Claim%20Form.pdf: 163493 12 J      
3.0@3449: suspicious.javascript in XFA block
3.0@3449: suspicious.warning: object contains JavaScript
33.0@159165: suspicious.warning: object contains JavaScript
34.0@159642: suspicious.warning: object contains JavaScript
35.0@159988: suspicious.warning: object contains JavaScript
ec7c4597e9e0108871cd17272a613bfd view report 5108.pdf 1691552 12 J      
3.0@6293: suspicious.javascript in XFA block
3.0@6293: suspicious.warning: object contains JavaScript
47.0@1050792: suspicious.warning: object contains JavaScript
48.0@1051269: suspicious.warning: object contains JavaScript
49.0@1051615: suspicious.warning: object contains JavaScript
5c88b4826892db8f2e3da865724d5bfb view report e6f64a7936ade4ec1bb9c548866700c5423abc747806e707d789c8d5158ccdd1:reverse_shell.pdf: 6897 49 J      
6.0@411: suspicious.obfuscation using unescape
6.0@411: suspicious.obfuscation using substring
6.0@411: pdf.exploit util.printf CVE-2008-2992
6.0@411: suspicious.warning: object contains JavaScript
3a28a78f716ad20db06c32ba0f8db282 view report d1fbf6cd92272b022cad52b3ba06c43bb29de2f13f745262f75e4b998a2c0cd5:illegalactivity.pdf.bin: 1225 1 J      
7.0@781: suspicious.warning: object contains JavaScript
4e46b89c20760dcd4e6d1b7d0bde2b6b view report Pearson.Data.Abstraction.and.Problem.Solving.with.Cplusplus.6th.Edition.0132923726.pdf 6686233 15        
9941.0@4659263: suspicious.obfuscation using String.replace
0400.0@4856066: suspicious.obfuscation using String.replace
0706.0@4983272: suspicious.obfuscation using String.replace
1787.0@5455597: suspicious.obfuscation using eval
f2c745d11c3e446c8a73faffffc5e692 view report WSU Outreach TM-DRAFTsubmit.pdf 5722266 1 J      
877.0@4206409: suspicious.warning: object contains JavaScript
3ff49288ee17f955c6ca0079e0e3b868 view report e01e9251ee99044c58b1e4e380ae1c7ab182ced623f9eed0e15c9900e5ee7f7a_e01e9251ee99044c58b1e4e380ae1c7ab182ced623f9eed0e15c9900e5ee7f7a 1177102 182 J      
2194.0@20278: suspicious.javascript object
2195.0@20325: suspicious.javascript object
2196.0@20372: suspicious.javascript object
2197.0@20419: suspicious.javascript object
2198.0@20466: suspicious.javascript object
2199.0@20513: suspicious.obfuscation using charCodeAt
2199.0@20513: suspicious.warning: object contains JavaScript
2200.0@20754: suspicious.javascript object
2201.0@20801: suspicious.javascript object
2202.0@20848: suspicious.javascript object
2203.0@20895: suspicious.javascript object
2204.0@20942: suspicious.javascript object
2205.0@20989: suspicious.javascript object
2206.0@21036: suspicious.javascript object
2207.0@21083: suspicious.javascript object
2208.0@21130: suspicious.javascript object
2209.0@21177: suspicious.javascript object
2210.0@21224: suspicious.javascript object
2211.0@21271: suspicious.javascript object
2212.0@21318: suspicious.javascript object
2213.0@21365: suspicious.javascript object
2214.0@21412: suspicious.javascript object
2215.0@21459: suspicious.javascript object
2216.0@21506: suspicious.javascript object
2217.0@21553: suspicious.warning: object contains JavaScript
2218.0@21707: suspicious.javascript object
2219.0@21754: suspicious.javascript object
2220.0@21801: suspicious.javascript object
2221.0@21848: suspicious.javascript object
2222.0@21895: suspicious.warning: object contains JavaScript
2223.0@22028: suspicious.javascript object
2224.0@22075: suspicious.javascript object
2225.0@22122: suspicious.javascript object
2226.0@22169: suspicious.javascript object
2227.0@22216: suspicious.javascript object
2228.0@22263: suspicious.javascript object
2229.0@22310: suspicious.javascript object
2230.0@22357: suspicious.warning: object contains JavaScript
2231.0@22614: suspicious.javascript object
2232.0@22661: suspicious.warning: object contains JavaScript
2233.0@23478: suspicious.warning: object contains JavaScript
2234.0@24101: suspicious.warning: object contains JavaScript
2235.0@24571: suspicious.warning: object contains JavaScript
2236.0@25050: suspicious.obfuscation using charCodeAt
2236.0@25050: suspicious.warning: object contains JavaScript
2237.0@25437: suspicious.obfuscation using String.fromCharCode
2237.0@25437: suspicious.obfuscation using substring
2237.0@25437: suspicious.warning: object contains JavaScript
2238.0@25683: suspicious.warning: object contains JavaScript
2239.0@26578: suspicious.warning: object contains JavaScript
2240.0@26851: suspicious.warning: object contains JavaScript
2241.0@28755: suspicious.warning: object contains JavaScript
2242.0@29075: suspicious.warning: object contains JavaScript
2243.0@29924: suspicious.warning: object contains JavaScript
2244.0@30240: suspicious.obfuscation using substring
2244.0@30240: suspicious.warning: object contains JavaScript
2245.0@30657: suspicious.warning: object contains JavaScript
2246.0@31188: suspicious.obfuscation using substring
2246.0@31188: suspicious.warning: object contains JavaScript
2247.0@31791: suspicious.warning: object contains JavaScript
2248.0@32526: suspicious.warning: object contains JavaScript
2249.0@32783: suspicious.obfuscation using charCodeAt
2249.0@32783: suspicious.warning: object contains JavaScript
2250.0@33112: suspicious.warning: object contains JavaScript
2251.0@33441: suspicious.warning: object contains JavaScript
2252.0@33995: suspicious.obfuscation using charCodeAt
2252.0@33995: suspicious.warning: object contains JavaScript
2253.0@34264: suspicious.obfuscation using charCodeAt
2253.0@34264: suspicious.obfuscation using substr
2253.0@34264: suspicious.warning: object contains JavaScript
2254.0@34645: suspicious.warning: object contains JavaScript
2255.0@34994: suspicious.obfuscation using charCodeAt
2255.0@34994: suspicious.obfuscation using substring
2255.0@34994: suspicious.warning: object contains JavaScript
2256.0@35743: suspicious.obfuscation using charCodeAt
2256.0@35743: suspicious.obfuscation using String.fromCharCode
2256.0@35743: suspicious.warning: object contains JavaScript
2257.0@36045: suspicious.obfuscation using charCodeAt
2257.0@36045: suspicious.warning: object contains JavaScript
2258.0@36416: suspicious.obfuscation using charCodeAt
2258.0@36416: suspicious.warning: object contains JavaScript
2259.0@36794: suspicious.obfuscation using charCodeAt
2259.0@36794: suspicious.obfuscation using substr
2259.0@36794: suspicious.warning: object contains JavaScript
2260.0@37174: suspicious.obfuscation using substring
2260.0@37174: suspicious.warning: object contains JavaScript
2261.0@37969: suspicious.obfuscation using charCodeAt
2261.0@37969: suspicious.warning: object contains JavaScript
2262.0@38225: suspicious.obfuscation using charCodeAt
2262.0@38225: suspicious.warning: object contains JavaScript
2263.0@38706: suspicious.obfuscation using substring
2263.0@38706: suspicious.warning: object contains JavaScript
2264.0@39300: suspicious.warning: object contains JavaScript
2265.0@39539: suspicious.obfuscation using charCodeAt
2265.0@39539: suspicious.warning: object contains JavaScript
2584.0@216837: suspicious.javascript object
2585.0@216884: suspicious.warning: object contains JavaScript
2586.0@217134: suspicious.javascript object
2587.0@217181: suspicious.warning: object contains JavaScript
2588.0@217431: suspicious.javascript object
2589.0@217478: suspicious.warning: object contains JavaScript
2590.0@217727: suspicious.javascript object
2591.0@217774: suspicious.warning: object contains JavaScript
2592.0@218023: suspicious.warning: object contains JavaScript
2593.0@218093: suspicious.warning: object contains JavaScript
2594.0@218190: suspicious.javascript object
2595.0@218237: suspicious.warning: object contains JavaScript
2596.0@218383: suspicious.warning: object contains JavaScript
2597.0@218764: suspicious.javascript object
2598.0@218811: suspicious.warning: object contains JavaScript
2599.0@218947: suspicious.warning: object contains JavaScript
2600.0@219362: suspicious.javascript object
2601.0@219409: suspicious.warning: object contains JavaScript
2602.0@219546: suspicious.warning: object contains JavaScript
2603.0@219961: suspicious.warning: object contains JavaScript
2604.0@220054: suspicious.warning: object contains JavaScript
2605.0@220151: suspicious.javascript object
2606.0@220198: suspicious.warning: object contains JavaScript
2607.0@220412: suspicious.warning: object contains JavaScript
2608.0@220724: suspicious.javascript object
2609.0@220771: suspicious.warning: object contains JavaScript
2610.0@220916: suspicious.warning: object contains JavaScript
2611.0@221204: suspicious.warning: object contains JavaScript
2612.0@221430: suspicious.javascript object
2613.0@221477: suspicious.warning: object contains JavaScript
2616.0@221806: suspicious.warning: object contains JavaScript
2617.0@221956: suspicious.javascript object
2618.0@222003: suspicious.warning: object contains JavaScript
2163.0@1127772: suspicious.warning: object contains JavaScript
2164.0@1127918: suspicious.warning: object contains JavaScript
669fe6284ae10ee8f8164cb1844e58f0 view report 6bcc8b5ee23b0f5b7854172ac995403be2bd8030cdc9340ece14a8e6a4556267:technical,%20supervisory%20and%20management%20occupations%20card%20application%20form.pdf: 643433 13 J      
223.0@507711: suspicious.warning: object contains JavaScript
224.0@508057: suspicious.javascript object
225.0@508102: suspicious.warning: object contains JavaScript
226.0@508811: suspicious.javascript object
227.0@508856: suspicious.warning: object contains JavaScript
228.0@509346: suspicious.javascript object
233.0@510507: suspicious.javascript in XFA block
233.0@510507: suspicious.warning: object contains JavaScript
758d6635c6afdf80ff866553cfafa1c1 view report 6936dd897584acdf97875cae3b0e446b13c150a765e823423bafd059991790af:Employee_handbook-hex.pdf: 5792 49 J      
6.0@417: suspicious.obfuscation using unescape
6.0@417: suspicious.obfuscation using substring
6.0@417: pdf.exploit util.printf CVE-2008-2992
6.0@417: suspicious.warning: object contains JavaScript
cd2935d8944bf85b2ef5690b3d5bc5bf view report d2e300b111a90a70e9a706b546bf3f73686b21e2c72dd0ba4586e03095cc9dd6:Driver-Abstract-Statement-of-Intent.pdf: 827247 15 J      
23.0@12868: suspicious.javascript object
24.0@12911: suspicious.javascript object
25.0@12954: suspicious.javascript object
26.0@12997: suspicious.javascript object
27.0@13040: suspicious.warning: object contains JavaScript
28.0@13382: suspicious.warning: object contains JavaScript
29.0@13646: suspicious.warning: object contains JavaScript
30.0@13939: suspicious.warning: object contains JavaScript
123.0@443961: suspicious.warning: object contains JavaScript
124.0@444019: suspicious.warning: object contains JavaScript
125.0@444088: suspicious.warning: object contains JavaScript
126.0@444146: suspicious.warning: object contains JavaScript
127.0@444215: suspicious.warning: object contains JavaScript
128.0@444273: suspicious.warning: object contains JavaScript
134.0@444554: suspicious.warning: object contains JavaScript
1800b0411fa9c490d83b650af11c8016 view report 77627318e993f02583c816bda65fd9bfb40cd06a0b940b59c4c7dd70aecf1a7a:mealplanninggrocerylist.pdf: 480925 15 J      
180.0@441928: suspicious.warning: object contains JavaScript
181.0@442290: suspicious.javascript object
182.0@442335: suspicious.warning: object contains JavaScript
183.0@443044: suspicious.javascript object
184.0@443089: suspicious.warning: object contains JavaScript
185.0@443572: suspicious.javascript object
190.0@444777: suspicious.javascript in XFA block
190.0@444777: suspicious.warning: object contains JavaScript
3e818374f6bd1c959ae5989a2462ec08 view report Lonely Planet - Amsterdam (Travel Guide) (2016).pdf 22553355 1 J   P  
474.0@915348: suspicious.warning: object contains JavaScript
9604.0@13682947: suspicious.warning: object contains embedded PDF
c281b501f76c2641dff79bcdd6c274cb view report f17e005b31ac5d9de9f37e25aa79bb6ecfe078e1bddc1cb662a2f2250354763a:Lease_Trade.pdf: 284457 38 J      
217.0@194875: suspicious.warning: object contains JavaScript
219.0@194959: suspicious.warning: object contains JavaScript
220.0@195040: suspicious.warning: object contains JavaScript
221.0@195121: suspicious.warning: object contains JavaScript
223.0@195205: suspicious.warning: object contains JavaScript
224.0@195336: suspicious.warning: object contains JavaScript
225.0@195420: suspicious.warning: object contains JavaScript
226.0@195501: suspicious.warning: object contains JavaScript
227.0@195585: suspicious.warning: object contains JavaScript
228.0@195666: suspicious.warning: object contains JavaScript
229.0@195750: suspicious.warning: object contains JavaScript
230.0@195831: suspicious.warning: object contains JavaScript
231.0@195915: suspicious.warning: object contains JavaScript
232.0@195996: suspicious.warning: object contains JavaScript
233.0@196080: suspicious.warning: object contains JavaScript
234.0@196161: suspicious.warning: object contains JavaScript
235.0@196245: suspicious.warning: object contains JavaScript
238.0@204482: suspicious.warning: object contains JavaScript
239.0@204563: suspicious.warning: object contains JavaScript
240.0@204647: suspicious.warning: object contains JavaScript
241.0@204807: suspicious.warning: object contains JavaScript
242.0@204888: suspicious.warning: object contains JavaScript
243.0@204972: suspicious.warning: object contains JavaScript
244.0@205056: suspicious.warning: object contains JavaScript
245.0@205137: suspicious.warning: object contains JavaScript
246.0@205221: suspicious.warning: object contains JavaScript
247.0@205302: suspicious.warning: object contains JavaScript
248.0@205386: suspicious.warning: object contains JavaScript
249.0@205467: suspicious.warning: object contains JavaScript
250.0@205551: suspicious.warning: object contains JavaScript
251.0@205632: suspicious.warning: object contains JavaScript
252.0@205716: suspicious.warning: object contains JavaScript
253.0@205797: suspicious.warning: object contains JavaScript
254.0@205881: suspicious.warning: object contains JavaScript
255.0@205962: suspicious.warning: object contains JavaScript
256.0@206046: suspicious.warning: object contains JavaScript
257.0@206127: suspicious.warning: object contains JavaScript
258.0@206211: suspicious.warning: object contains JavaScript
c037378897142b4db3f063e4e99a39b4 view report a613fa08516815b49a642fd8ff8f405c08166000d511ae08bffdea89e7741365:/sites/default/files/documents/ad845.pdf: 471901 16 J      
286.0@457439: suspicious.warning: object contains JavaScript
287.0@457786: suspicious.javascript object
288.0@457832: suspicious.warning: object contains JavaScript
289.0@458542: suspicious.javascript object
290.0@458588: suspicious.warning: object contains JavaScript
291.0@459079: suspicious.javascript object
296.0@460062: suspicious.javascript in XFA block
296.0@460062: suspicious.obfuscation toString
296.0@460062: suspicious.warning: object contains JavaScript