PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
a645d2cc3c8b6343c38dd10adff5e875 view report 0e57a13d5dfcc2576c394eb8de8c9becefef0442848d2a1fda090007a8891e73:/home/cuckoo/Code/pdf-documents/initial_pdfs/292d33e1e9a0fb3df659f4e5667fd3527cba0cd3.pdf: 638259 14 J      
15.0@53780: suspicious.obfuscation using eval
15.0@53780: suspicious.obfuscation using String.fromCharCode
15.0@53780: suspicious.obfuscation using String.replace
15.0@53780: suspicious.warning: object contains JavaScript
d56b7ea9b082fc0b39e85d687836ee1d view report CEH v9 - Certified Ethical Hacker Version 9 Practice Tests.pdf 25867441 1 J   P  
33.0@5128063: suspicious.warning: object contains embedded PDF
705.0@6405447: suspicious.warning: object contains JavaScript
915.0@16897331: suspicious.warning: object contains embedded PDF
1208.0@25790107: suspicious.warning: object contains embedded PDF
274d98284da09f3a6975067f26961ef9 view report 26fd41bd42d58c27f16185acadfcfab913b12b993c1eda4abb378c83c62d1a13:/home/cuckoo/Code/pdf-documents/initial_pdfs/5a88c0ddb877334607eb03b9fc4a9464acaa6b40.pdf: 638129 14 J      
15.0@53769: suspicious.obfuscation using eval
15.0@53769: suspicious.obfuscation using String.fromCharCode
15.0@53769: suspicious.obfuscation using String.replace
15.0@53769: suspicious.warning: object contains JavaScript
3abb1f3643407891e7e2fc72e5520956 view report 58da2d0270e8006bd67fdbb0e1cf3c0fb49be67abe6849f25269ecfd9103aff3:/home/cuckoo/Code/pdf-documents/initial_pdfs/bfd8c6b4a505454fbe25e983410a72c78fbd09e2.pdf: 673116 31 J      
293.0@590066: suspicious.obfuscation using charCodeAt
293.0@590066: suspicious.obfuscation using eval
293.0@590066: suspicious.obfuscation toString
293.0@590066: suspicious.obfuscation using substr
293.0@590066: suspicious.obfuscation using String.fromCharCode
321.0@632273: suspicious.obfuscation using unescape
321.0@632273: suspicious.obfuscation using eval
321.0@632273: suspicious.obfuscation using String.replace
321.0@632273: suspicious.obfuscation getAnnots access blocks
321.0@632273: suspicious.warning: object contains JavaScript
a0561281cb6442e3a4d995d26ee09cb7 view report 68046e0cb81c6d8cb80866181cc24aef5f39e4db397742910f7fb58a8766e5f2:/home/cuckoo/Code/pdf-documents/initial_pdfs/05ebf5e558c163542dd352ac119b32d54c7e5911.pdf: 642571 33 J      
321.0@595990: suspicious.obfuscation using unescape
321.0@595990: suspicious.obfuscation using eval
321.0@595990: suspicious.obfuscation toString
321.0@595990: suspicious.obfuscation using substring
321.0@595990: suspicious.obfuscation using app.setTimeOut to eval code
321.0@595990: suspicious.warning: object contains JavaScript
d56441f2660f8f3f59fb2212127aef67 view report 872e771990cd90579570c3e724d641b9dd77d3145ed65de5292a930cf44fe70d:/home/cuckoo/Code/pdf-documents/initial_pdfs/bb12297019a380cd6f0d2cf1a17609fc9f861105.pdf: 1458991 82 J      
354.0@1367661: suspicious.obfuscation using unescape
354.0@1367661: suspicious.obfuscation toString
354.0@1367661: suspicious.obfuscation using String.replace
354.0@1367661: suspicious.obfuscation using substring
354.0@1367661: suspicious.string Shellcode NOP sled
354.0@1367661: suspicious.obfuscation using app.setTimeOut to eval code
354.0@1367661: pdf.exploit Collab.getIcon CVE-2009-0927
354.0@1367661: pdf.exploit util.printf CVE-2008-2992
354.0@1367661: suspicious.warning: object contains JavaScript
aa6bcacb1e8667eddac5e01f03bb5894 view report c5c7d78ca914f2c511b2bcfd5d64fe99cdee566eccd7b160e8ec447aae217630:/home/cuckoo/Code/pdf-documents/initial_pdfs/05cdac16e91bec99fdb0cc773cc823808431f707.pdf: 727132 22 J      
60.0@90984: suspicious.obfuscation using unescape
60.0@90984: suspicious.obfuscation using eval
60.0@90984: suspicious.obfuscation using String.fromCharCode
60.0@90984: suspicious.obfuscation using String.replace
60.0@90984: suspicious.warning: object contains JavaScript
319.0@718880: suspicious.obfuscation using unescape
3c7d47627a737c23afc6bdb48046d4a9 view report efc713bbd5954981ddfd8cbec6e7e9964bd7f4a66e265440915001a934e6879a:/home/cuckoo/Code/pdf-documents/initial_pdfs/52a48a63ec16d7190ceaaa56c79c3ebff3164c42.pdf: 752634 33 J      
317.0@628160: suspicious.obfuscation using unescape
317.0@628160: suspicious.obfuscation using eval
317.0@628160: suspicious.obfuscation toString
317.0@628160: suspicious.obfuscation using substring
317.0@628160: suspicious.obfuscation using app.setTimeOut to eval code
317.0@628160: suspicious.warning: object contains JavaScript
4d65eee7c02ad9c8cab239e0bd9d4ed8 view report ac956c5740819ed12bb6264d9819ef35495022bf505bab1de2ffd021b9fa4d4f:/home/cuckoo/Code/pdf-documents/initial_pdfs/c14a1858a2ae4896d5c8c468cd03a33f0099ee91.pdf: 713547 14 J      
6.0@58452: suspicious.obfuscation using eval
6.0@58452: suspicious.obfuscation using String.fromCharCode
6.0@58452: suspicious.obfuscation using String.replace
6.0@58452: suspicious.warning: object contains JavaScript
7acc31419a713d1d5fa00a5866c4b43a view report 5c388862495581fe23c229a776ccb89ac4ff3d11321ac3c2f47e77f471fd28dd:csr_info.pdf: 6932 49 J      
6.0@405: suspicious.obfuscation using unescape
6.0@405: suspicious.obfuscation using substring
6.0@405: pdf.exploit util.printf CVE-2008-2992
6.0@405: suspicious.warning: object contains JavaScript
4cf182000d567ad6d78a4145f446eb22 view report a3e36a1a676080154463272b9e1d4f7031a920eacd83aa82414cd2b1f433ed84:/home/cuckoo/Code/pdf-documents/initial_pdfs/96ce8b7311668634a25f6e410edb9c48a6485478.pdf: 548085 31 J      
273.0@533057: suspicious.obfuscation using charCodeAt
273.0@533057: suspicious.obfuscation using eval
273.0@533057: suspicious.obfuscation toString
273.0@533057: suspicious.obfuscation using substr
273.0@533057: suspicious.obfuscation using String.fromCharCode
274.0@542286: suspicious.obfuscation using unescape
274.0@542286: suspicious.obfuscation using eval
274.0@542286: suspicious.obfuscation using String.replace
274.0@542286: suspicious.obfuscation getAnnots access blocks
274.0@542286: suspicious.warning: object contains JavaScript
3ba321eb6b2289073cbcb85442df9453 view report 42cb31d602fa08730316e9ebc8f7393c0799fed19ddc286e5fb86b84f5904ff4:/home/cuckoo/Code/pdf-documents/initial_pdfs/bb8dd2c7dcc454f1675832205cc6d9205a5b4fdd.pdf: 596806 42 J      
309.0@586228: suspicious.obfuscation using unescape
309.0@586228: suspicious.obfuscation using eval
309.0@586228: suspicious.obfuscation using String.replace
309.0@586228: suspicious.warning: object contains JavaScript
311.0@589084: suspicious.obfuscation using unescape
311.0@589084: suspicious.obfuscation using substring
311.0@589084: suspicious.string Shellcode NOP sled
311.0@589084: pdf.exploit Collab.getIcon CVE-2009-0927
04e7cc0cffcc5fa61c9618fe939cf76d view report 7e049d74256c4fae54471345d5258869b745e29302a53c86491da1a58f100386:/home/cuckoo/Code/pdf-documents/initial_pdfs/ab0a085d269d6c270beec643906d649e9eaaffaf.pdf: 631381 42 J      
320.0@589156: suspicious.obfuscation using unescape
320.0@589156: suspicious.obfuscation using eval
320.0@589156: suspicious.obfuscation using String.replace
320.0@589156: suspicious.warning: object contains JavaScript
351.0@622874: suspicious.obfuscation using unescape
351.0@622874: suspicious.obfuscation using substring
351.0@622874: suspicious.string Shellcode NOP sled
351.0@622874: pdf.exploit Collab.getIcon CVE-2009-0927
57aed694e1281baa7370be79af4d157f view report d108ac11ccd7e8e5d6bc295953b66e8852ba4bb3078ec90e5c8ce26900ed54e4:/home/cuckoo/Code/pdf-documents/initial_pdfs/62bf657b307f3d29c9f02fc72458c910f2fb35af.pdf: 771592 14 J      
36.0@64110: suspicious.obfuscation using eval
36.0@64110: suspicious.obfuscation using String.fromCharCode
36.0@64110: suspicious.obfuscation using String.replace
36.0@64110: suspicious.warning: object contains JavaScript
0cb90ed52b471c3819191547b92a17ba view report c1f1a839f3de252c300da7e0e3b21bbd8848bb39ce6877ee39585dfbeeca5e8b:/home/cuckoo/Code/pdf-documents/initial_pdfs/9f2593971dc935c9676a70b8c0a1a570143c5593.pdf: 647350 14 J      
7.0@53160: suspicious.obfuscation using eval
7.0@53160: suspicious.obfuscation using String.fromCharCode
7.0@53160: suspicious.obfuscation using String.replace
7.0@53160: suspicious.warning: object contains JavaScript