PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
c37ae9efc4eefcf1fe9cefa69a9e51f4 view report infected.pdf 6771 49 J      
6.0@425: suspicious.obfuscation using unescape
6.0@425: suspicious.obfuscation using substring
6.0@425: pdf.exploit util.printf CVE-2008-2992
6.0@425: suspicious.warning: object contains JavaScript
d76f2c1e7e22407cef7cb02644ff6a2f view report 74b36639c5c3377d75dc3d21c79bcc2c070ef3e26add34b98b69f4c3dacf4006:/root/Desktop/CS/e11---doc---decoy--has-table-image.pdf: 153944 91 J      
3.0@145104: suspicious.obfuscation using unescape
3.0@145104: suspicious.javascript object
3.0@145104: suspicious.obfuscation using substring
3.0@145104: suspicious.string -HeapSpray-
3.0@145104: suspicious.string -shellcode-
3.0@145104: pdf.exploit ToolButton use-after-free CVE-2014-0496
3.0@145104: suspicious.javascript addToolButton
3.0@145104: suspicious.warning: object contains JavaScript
cve_2013_3346
0e0945e0c4b3052833e7cc0cbebf68bd view report cec20f23bafdbe8c07925f0b4bb665de91ee514bb9575318b33919d421e8447c:/root/Desktop/CS/c1d---doc---lang--deu.pdf: 5441 92 J      
4.0@199: suspicious.javascript object
5.0@254: suspicious.obfuscation using unescape
5.0@254: suspicious.obfuscation using String.replace
5.0@254: suspicious.obfuscation using substring
5.0@254: suspicious.string -HeapSpray-
5.0@254: suspicious.string -shellcode-
5.0@254: pdf.exploit ToolButton use-after-free CVE-2014-0496
5.0@254: suspicious.javascript addToolButton
5.0@254: suspicious.warning: object contains JavaScript
cve_2013_3346
f58f15aab19ddd7999b1c28f185adb85 view report 32651d83846db47899cf42f036a91d1fbfa5a5d002a954194648f9ab5d98f369:/root/Desktop/CS/e11---alert_three--no-cancel---decoy--diagram.pdf: 16643 94 J      
10.0@733: suspicious.obfuscation using unescape
10.0@733: suspicious.javascript object
10.0@733: suspicious.obfuscation using String.replace
10.0@733: suspicious.obfuscation using substring
10.0@733: suspicious.string -HeapSpray-
10.0@733: suspicious.string -shellcode-
10.0@733: pdf.exploit ToolButton use-after-free CVE-2014-0496
10.0@733: suspicious.javascript addToolButton
10.0@733: suspicious.warning: object contains JavaScript
cve_2013_3346
0f58916d63e474486b0850cb26aebae7 view report ad8bbd37a2e51e8e301bfdd77812a8b9a759bcb213af75213d4542a2fa1b4d79:/root/Desktop/CS/c11---tod--everyday-8-9---decoy--scanned-img.pdf: 114074 98 J      
17.0@924: suspicious.obfuscation using unescape
17.0@924: suspicious.javascript object
17.0@924: suspicious.obfuscation using String.replace
17.0@924: suspicious.obfuscation using substring
17.0@924: suspicious.string -HeapSpray-
17.0@924: suspicious.string -shellcode-
17.0@924: pdf.suspicious util.printd used to fill buffers
17.0@924: pdf.exploit ToolButton use-after-free CVE-2014-0496
17.0@924: suspicious.javascript addToolButton
17.0@924: suspicious.warning: object contains JavaScript
cve_2013_3346
bf4fa7884d6820f404bebd27c5fa8d94 view report 4c6523504563b0d4033cccf2b1b00db4b4b4f046d3e7076a6900808bb6e7f812:/root/Desktop/CS/p11---alert_three--yes---decoy--has-table-image.pdf: 154529 94 J      
3.0@145104: suspicious.obfuscation using unescape
3.0@145104: suspicious.javascript object
3.0@145104: suspicious.obfuscation using String.replace
3.0@145104: suspicious.obfuscation using substring
3.0@145104: suspicious.string -HeapSpray-
3.0@145104: suspicious.string -shellcode-
3.0@145104: pdf.exploit ToolButton use-after-free CVE-2014-0496
3.0@145104: suspicious.javascript addToolButton
3.0@145104: suspicious.warning: object contains JavaScript
cve_2013_3346
d8f216a8d54d4fc9289d47fd6f94a766 view report d8f216a8d54d4fc9289d47fd6f94a766.stream 6372 93 J   P  
5.0@371: suspicious.obfuscation using unescape
5.0@371: suspicious.obfuscation using String.replace
5.0@371: suspicious.obfuscation using substring
5.0@371: suspicious.string -HeapSpray-
5.0@371: suspicious.string -shellcode-
5.0@371: pdf.exploit ToolButton use-after-free CVE-2014-0496
5.0@371: suspicious.javascript addToolButton
5.0@371: suspicious.warning: object contains JavaScript
8.0@5398: suspicious.pdf embedded PDF file
8.0@5398: suspicious.warning: object contains embedded PDF
cve_2013_3346
a2b62c194455bdb7f10b26c886825f00 view report 9bc19e066e8f628f5abcee07c295d7d5e81eb227030e02e1f1f1467f6595ef76:/root/Desktop/CS/c11---speaker--anna---nest--1-envelope.pdf: 6811 97     P  
4.0@368: suspicious.pdf embedded PDF file
4.0@368: suspicious.warning: object contains embedded PDF
f790c0391cfac39c039843f599646f0a view report f790c0391cfac39c039843f599646f0a.stream 6335 92 J   P  
5.0@371: suspicious.obfuscation using unescape
5.0@371: suspicious.obfuscation using String.replace
5.0@371: suspicious.obfuscation using substring
5.0@371: suspicious.string -HeapSpray-
5.0@371: suspicious.string -shellcode-
5.0@371: pdf.exploit ToolButton use-after-free CVE-2014-0496
5.0@371: suspicious.javascript addToolButton
5.0@371: suspicious.warning: object contains JavaScript
8.0@5361: suspicious.pdf embedded PDF file
8.0@5361: suspicious.warning: object contains embedded PDF
cve_2013_3346
f550ad23a648d9efd2754b51d8a1df1d view report f550ad23a648d9efd2754b51d8a1df1d.stream 6753 96     P  
4.0@360: suspicious.pdf embedded PDF file
4.0@360: suspicious.warning: object contains embedded PDF
312826a9b8f06856b38085fbea153967 view report 312826a9b8f06856b38085fbea153967.stream 7441 100     P  
4.0@360: suspicious.pdf embedded PDF file
4.0@360: suspicious.warning: object contains embedded PDF
c633b70ad5362542fd2e588bb8c21edc view report 8932789d091cc2416c15fc0b3b8fd955c2b5255d58c1dd9bb92d03ded890fefd:/root/Desktop/CS/c11---lang--enu---nest--3-envelope.pdf: 8135 104     P  
4.0@360: suspicious.pdf embedded PDF file
4.0@360: suspicious.warning: object contains embedded PDF
f299df9361515669b8d529eb73ae3e87 view report f299df9361515669b8d529eb73ae3e87.stream 6285 92 J   P  
5.0@371: suspicious.obfuscation using unescape
5.0@371: suspicious.obfuscation using String.replace
5.0@371: suspicious.obfuscation using substring
5.0@371: suspicious.string -HeapSpray-
5.0@371: suspicious.string -shellcode-
5.0@371: pdf.exploit ToolButton use-after-free CVE-2014-0496
5.0@371: suspicious.javascript addToolButton
5.0@371: suspicious.warning: object contains JavaScript
8.0@5311: suspicious.pdf embedded PDF file
8.0@5311: suspicious.warning: object contains embedded PDF
cve_2013_3346
f1837dfe6204401d35fa05d0dfcd00b3 view report ff16f95c5e1692c2827141c6c1ae1501439f88d3609661cd9060dfe708b91465:/root/Desktop/CS/c11---lang--deu---nest--1-envelope.pdf: 6706 96     P  
4.0@360: suspicious.pdf embedded PDF file
4.0@360: suspicious.warning: object contains embedded PDF
1a8acd64a8216689becc935566eb5ed5 view report 1a8acd64a8216689becc935566eb5ed5.stream 6795 92 J   P  
5.0@371: suspicious.obfuscation using unescape
5.0@371: suspicious.obfuscation using String.replace
5.0@371: suspicious.obfuscation using substring
5.0@371: suspicious.string -HeapSpray-
5.0@371: suspicious.string -shellcode-
5.0@371: pdf.exploit ToolButton use-after-free CVE-2014-0496
5.0@371: suspicious.javascript addToolButton
5.0@371: suspicious.warning: object contains JavaScript
8.0@5821: suspicious.pdf embedded PDF file
8.0@5821: suspicious.warning: object contains embedded PDF
cve_2013_3346