PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
8e25f19e9996782640dc1e7e85fd4ccb view report msf110.pdf 46259 26 J      
10.0@1012: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41443: suspicious.obfuscation using unescape
12.0@41443: suspicious.obfuscation using substring
12.0@41443: suspicious.string heap spray shellcode
12.0@41443: suspicious.string shellcode
12.0@41443: suspicious.warning: object contains JavaScript
a2f39fe3d7a19591716b20387f573b13 view report db332147f5b13778c7992dd04d353a57d1be73d18ad2b86ef11e811d879f52ff:testvirusligne6et5.pdf: 1187606 7 J   P  
340.0@1070936: suspicious.pdf embedded PDF file
340.0@1070936: suspicious.warning: object contains embedded PDF
341.0@1186116: suspicious.warning: object contains JavaScript
342.0@1186225: pdf.exploit execute EXE file
342.0@1186225: pdf.exploit access system32 directory
342.0@1186225: pdf.exploit execute action command
342.0@1186225: pdf.execute exe file
342.0@1186225: pdf.execute access system32 directory
ff6d776c4bb79cfa6203a2325169cc4e view report 425d50190ad1da6779b8501962a735dc3c33051275d1c4f5d013de9f3eb6b971:evil.pdf: 514106 7 J   P  
105.0@468341: suspicious.pdf embedded PDF file
105.0@468341: suspicious.warning: object contains embedded PDF
106.0@512574: suspicious.warning: object contains JavaScript
107.0@512685: pdf.exploit execute EXE file
107.0@512685: pdf.exploit access system32 directory
107.0@512685: pdf.exploit execute action command
107.0@512685: pdf.execute exe file
107.0@512685: pdf.execute access system32 directory
648e0fd358ed64f4430ec48ec22ff216 view report 6939647b1e7de361a6a8a0216f496dc7c7ae614dd78c678d25cacc9ccdae4c88:SHALOM TTC- EDUCATION_TTC_ActivityReport_2015SENT TO DE.pdf: 3429127 37 J      
9.0@242309: suspicious.obfuscation using eval
9.0@242309: suspicious.javascript in XFA block
9.0@242309: suspicious.obfuscation toString
9.0@242309: suspicious.obfuscation using substr
9.0@242309: suspicious.obfuscation using String.replace
9.0@242309: suspicious.obfuscation using substring
9.0@242309: suspicious.obfuscation using app.setTimeOut to eval code
9.0@242309: pdf.suspicious util.printd used to fill buffers
9.0@242309: suspicious.warning: object contains JavaScript
28.0@2238252: suspicious.warning: object contains JavaScript
29.0@2238786: suspicious.warning: object contains JavaScript
30.0@2239133: suspicious.warning: object contains JavaScript
977f34df074549c957145a928ea248b7 view report 5ec4e1d7a1d781198d8dadc7759eece28ecd6a866b6e8539ac247d269a171f40:977f34df074549c957145a928ea248b7.virus: 69804 22 J      
9.0@11361: suspicious.embedded doc file
13.0@16984: suspicious.embedded xls file
18.0@17577: suspicious.embedded OLE document header
19.0@64103: suspicious.embedded doc file
20.0@64216: suspicious.warning: object contains JavaScript
21.0@64318: suspicious.warning: object contains JavaScript
22.0@64894: suspicious.javascript object
23.0@64938: suspicious.warning: object contains JavaScript
24.0@65044: suspicious.warning: object contains JavaScript
25.0@65145: suspicious.warning: object contains JavaScript
26.0@65224: suspicious.warning: object contains JavaScript
27.0@65285: suspicious.warning: object contains JavaScript
28.0@65360: suspicious.warning: object contains JavaScript
29.0@65448: suspicious.warning: object contains JavaScript
30.0@65919: suspicious.javascript object
31.0@65963: suspicious.warning: object contains JavaScript
32.0@67583: suspicious.javascript object
33.0@67627: suspicious.warning: object contains JavaScript
40.0@68519: suspicious.warning: object contains JavaScript
17ffccaf1e8a7707546038788b5ca57f view report 684e4929fe3cbff89e63a5887298469a83b37d66f54f8de81853d252974df60c:17ffccaf1e8a7707546038788b5ca57f.virus: 69819 22 J      
9.0@11406: suspicious.embedded doc file
13.0@17029: suspicious.embedded xls file
18.0@17586: suspicious.embedded OLE document header
19.0@64121: suspicious.embedded doc file
20.0@64234: suspicious.warning: object contains JavaScript
21.0@64336: suspicious.warning: object contains JavaScript
22.0@64912: suspicious.javascript object
23.0@64956: suspicious.warning: object contains JavaScript
24.0@65062: suspicious.warning: object contains JavaScript
25.0@65163: suspicious.warning: object contains JavaScript
26.0@65242: suspicious.warning: object contains JavaScript
27.0@65303: suspicious.warning: object contains JavaScript
28.0@65378: suspicious.warning: object contains JavaScript
29.0@65466: suspicious.warning: object contains JavaScript
30.0@65937: suspicious.javascript object
31.0@65981: suspicious.warning: object contains JavaScript
32.0@67601: suspicious.javascript object
33.0@67645: suspicious.warning: object contains JavaScript
40.0@68536: suspicious.warning: object contains JavaScript
1a441bc8f8e3bdd4921b5ed083884f1b view report 594238af2a055b1d0a5a3f7ea9945fbafc067677f14735906d12172d1839ff30:1a441bc8f8e3bdd4921b5ed083884f1b.virus: 69816 22 J      
9.0@11418: suspicious.embedded doc file
13.0@17041: suspicious.embedded xls file
18.0@17579: suspicious.embedded OLE document header
19.0@64116: suspicious.embedded doc file
20.0@64229: suspicious.warning: object contains JavaScript
21.0@64331: suspicious.warning: object contains JavaScript
22.0@64907: suspicious.javascript object
23.0@64951: suspicious.warning: object contains JavaScript
24.0@65057: suspicious.warning: object contains JavaScript
25.0@65158: suspicious.warning: object contains JavaScript
26.0@65237: suspicious.warning: object contains JavaScript
27.0@65298: suspicious.warning: object contains JavaScript
28.0@65373: suspicious.warning: object contains JavaScript
29.0@65461: suspicious.warning: object contains JavaScript
30.0@65932: suspicious.javascript object
31.0@65976: suspicious.warning: object contains JavaScript
32.0@67596: suspicious.javascript object
33.0@67640: suspicious.warning: object contains JavaScript
40.0@68532: suspicious.warning: object contains JavaScript
cf385b03db7b990b59d1e3e46ea6f311 view report c06492179ab40996ecf629aa729836a021681a578b50c25c5f9eb54fa99fb056:cf385b03db7b990b59d1e3e46ea6f311.virus: 69765 22 J      
9.0@11346: suspicious.embedded doc file
13.0@16969: suspicious.embedded xls file
18.0@17534: suspicious.embedded OLE document header
19.0@64062: suspicious.embedded doc file
20.0@64178: suspicious.warning: object contains JavaScript
21.0@64280: suspicious.warning: object contains JavaScript
22.0@64856: suspicious.javascript object
23.0@64900: suspicious.warning: object contains JavaScript
24.0@65006: suspicious.warning: object contains JavaScript
25.0@65107: suspicious.warning: object contains JavaScript
26.0@65187: suspicious.warning: object contains JavaScript
27.0@65248: suspicious.warning: object contains JavaScript
28.0@65323: suspicious.warning: object contains JavaScript
29.0@65411: suspicious.warning: object contains JavaScript
30.0@65882: suspicious.javascript object
31.0@65926: suspicious.warning: object contains JavaScript
32.0@67546: suspicious.javascript object
33.0@67590: suspicious.warning: object contains JavaScript
40.0@68482: suspicious.warning: object contains JavaScript
d7c401182bb6109df570e2f6f0fb2d9c view report fafc8413556aee1733cde4a4a7e2ede7150beec91e100d93e3c21f9af11e4027:CNQ-RBWM-020_b(270516).pdf: 909194 56 J      
887.0@2043: suspicious.obfuscation using String.replace
887.0@2043: suspicious.warning: object contains JavaScript
888.0@8212: suspicious.obfuscation using charCodeAt
888.0@8212: suspicious.obfuscation using eval
888.0@8212: suspicious.obfuscation using substr
888.0@8212: suspicious.obfuscation using String.fromCharCode
888.0@8212: suspicious.obfuscation using String.replace
888.0@8212: suspicious.warning: object contains JavaScript
889.0@14172: suspicious.obfuscation using substring
889.0@14172: suspicious.warning: object contains JavaScript
890.0@16695: suspicious.obfuscation using charCodeAt
890.0@16695: suspicious.warning: object contains JavaScript
922.0@28049: pdf.suspicious util.printd used to fill buffers
949.0@194354: suspicious.obfuscation using app.setTimeOut to eval code
949.0@194354: suspicious.warning: object contains JavaScript
950.0@194741: suspicious.warning: object contains JavaScript
7.0@212413: suspicious.warning: object contains JavaScript
8.0@212622: suspicious.warning: object contains JavaScript
9.0@212821: suspicious.warning: object contains JavaScript
10.0@213001: suspicious.warning: object contains JavaScript
11.0@213335: suspicious.warning: object contains JavaScript
12.0@213661: suspicious.warning: object contains JavaScript
13.0@214001: suspicious.warning: object contains JavaScript
60.0@228144: suspicious.obfuscation toString
60.0@228144: suspicious.warning: object contains JavaScript
61.0@228501: suspicious.obfuscation using app.setTimeOut to eval code
61.0@228501: suspicious.warning: object contains JavaScript
101.0@253091: suspicious.obfuscation using app.setTimeOut to eval code
101.0@253091: suspicious.warning: object contains JavaScript
115.0@726851: suspicious.warning: object contains JavaScript
116.0@727173: suspicious.warning: object contains JavaScript
960.0@30111: pdf.suspicious util.printd used to fill buffers
f30b4312ceb283d438ef6a980a6b72ed view report f723822248a5d8a6995a75028a233c739ec657b65bc6b1ec01a2813be20b99bb:f30b4312ceb283d438ef6a980a6b72ed.virus: 69891 22 J      
9.0@11451: suspicious.embedded doc file
13.0@17074: suspicious.embedded xls file
18.0@17683: suspicious.embedded OLE document header
19.0@64191: suspicious.embedded doc file
20.0@64304: suspicious.warning: object contains JavaScript
21.0@64406: suspicious.warning: object contains JavaScript
22.0@64982: suspicious.javascript object
23.0@65026: suspicious.warning: object contains JavaScript
24.0@65132: suspicious.warning: object contains JavaScript
25.0@65233: suspicious.warning: object contains JavaScript
26.0@65312: suspicious.warning: object contains JavaScript
27.0@65373: suspicious.warning: object contains JavaScript
28.0@65448: suspicious.warning: object contains JavaScript
29.0@65536: suspicious.warning: object contains JavaScript
30.0@66007: suspicious.javascript object
31.0@66051: suspicious.warning: object contains JavaScript
32.0@67671: suspicious.javascript object
33.0@67715: suspicious.warning: object contains JavaScript
40.0@68607: suspicious.warning: object contains JavaScript
b864a8178c705b4a8702661628304486 view report 626385286ec8917a3016fbfe8fcd930e41cf2b3eb14b0b4b8e8345938163efcc:b864a8178c705b4a8702661628304486.virus: 69591 22 J      
9.0@11227: suspicious.embedded doc file
13.0@16850: suspicious.embedded xls file
18.0@17381: suspicious.embedded OLE document header
19.0@63898: suspicious.embedded doc file
20.0@64008: suspicious.warning: object contains JavaScript
21.0@64110: suspicious.warning: object contains JavaScript
22.0@64686: suspicious.javascript object
23.0@64730: suspicious.warning: object contains JavaScript
24.0@64836: suspicious.warning: object contains JavaScript
25.0@64937: suspicious.warning: object contains JavaScript
26.0@65015: suspicious.warning: object contains JavaScript
27.0@65076: suspicious.warning: object contains JavaScript
28.0@65151: suspicious.warning: object contains JavaScript
29.0@65239: suspicious.warning: object contains JavaScript
30.0@65710: suspicious.javascript object
31.0@65754: suspicious.warning: object contains JavaScript
32.0@67374: suspicious.javascript object
33.0@67418: suspicious.warning: object contains JavaScript
40.0@68308: suspicious.warning: object contains JavaScript
7949983dbe60fed2e28953c0f686efd8 view report 2da8d7629bace1f9f2b4bc724ddf7025423215af00f3525b67c6ad8c86669798:7949983dbe60fed2e28953c0f686efd8.virus: 69399 22 J      
9.0@11107: suspicious.embedded doc file
13.0@16730: suspicious.embedded xls file
18.0@17168: suspicious.embedded OLE document header
19.0@63711: suspicious.embedded doc file
20.0@63818: suspicious.warning: object contains JavaScript
21.0@63920: suspicious.warning: object contains JavaScript
22.0@64496: suspicious.javascript object
23.0@64540: suspicious.warning: object contains JavaScript
24.0@64646: suspicious.warning: object contains JavaScript
25.0@64747: suspicious.warning: object contains JavaScript
26.0@64824: suspicious.warning: object contains JavaScript
27.0@64885: suspicious.warning: object contains JavaScript
28.0@64960: suspicious.warning: object contains JavaScript
29.0@65048: suspicious.warning: object contains JavaScript
30.0@65519: suspicious.javascript object
31.0@65563: suspicious.warning: object contains JavaScript
32.0@67183: suspicious.javascript object
33.0@67227: suspicious.warning: object contains JavaScript
40.0@68115: suspicious.warning: object contains JavaScript
9bbe14ff65d501f057a44a836fd8bc7b view report eb5ce92cbd7ce3590d89e8f3e15e7ed0a1408def1dc74bf5d84aba5621a1eb1b:9bbe14ff65d501f057a44a836fd8bc7b.virus: 69627 22 J      
9.0@11226: suspicious.embedded doc file
13.0@16849: suspicious.embedded xls file
18.0@17398: suspicious.embedded OLE document header
19.0@63934: suspicious.embedded doc file
20.0@64044: suspicious.warning: object contains JavaScript
21.0@64146: suspicious.warning: object contains JavaScript
22.0@64722: suspicious.javascript object
23.0@64766: suspicious.warning: object contains JavaScript
24.0@64872: suspicious.warning: object contains JavaScript
25.0@64973: suspicious.warning: object contains JavaScript
26.0@65051: suspicious.warning: object contains JavaScript
27.0@65112: suspicious.warning: object contains JavaScript
28.0@65187: suspicious.warning: object contains JavaScript
29.0@65275: suspicious.warning: object contains JavaScript
30.0@65746: suspicious.javascript object
31.0@65790: suspicious.warning: object contains JavaScript
32.0@67410: suspicious.javascript object
33.0@67454: suspicious.warning: object contains JavaScript
40.0@68344: suspicious.warning: object contains JavaScript
b9f12ef3ab5a9421fede7e70c9653bc6 view report 33fdda2027208ff02d2ff06367bb858729b86534888a8ae2972a429cad58015f:b9f12ef3ab5a9421fede7e70c9653bc6.virus: 69843 22 J      
9.0@11479: suspicious.embedded doc file
13.0@17102: suspicious.embedded xls file
18.0@17595: suspicious.embedded OLE document header
19.0@64137: suspicious.embedded doc file
20.0@64253: suspicious.warning: object contains JavaScript
21.0@64355: suspicious.warning: object contains JavaScript
22.0@64931: suspicious.javascript object
23.0@64975: suspicious.warning: object contains JavaScript
24.0@65081: suspicious.warning: object contains JavaScript
25.0@65182: suspicious.warning: object contains JavaScript
26.0@65262: suspicious.warning: object contains JavaScript
27.0@65323: suspicious.warning: object contains JavaScript
28.0@65398: suspicious.warning: object contains JavaScript
29.0@65486: suspicious.warning: object contains JavaScript
30.0@65957: suspicious.javascript object
31.0@66001: suspicious.warning: object contains JavaScript
32.0@67621: suspicious.javascript object
33.0@67665: suspicious.warning: object contains JavaScript
40.0@68557: suspicious.warning: object contains JavaScript
11cb029e3c822853b758ddd0b5297c9b view report a3a10f91acc1e8ca87aaf1feb3d12509d1d7a60c073484439aa5fa3ef45f438e:11cb029e3c822853b758ddd0b5297c9b.virus: 69552 22 J      
9.0@11171: suspicious.embedded doc file
13.0@16794: suspicious.embedded xls file
18.0@17341: suspicious.embedded OLE document header
19.0@63868: suspicious.embedded doc file
20.0@63972: suspicious.warning: object contains JavaScript
21.0@64074: suspicious.warning: object contains JavaScript
22.0@64650: suspicious.javascript object
23.0@64694: suspicious.warning: object contains JavaScript
24.0@64800: suspicious.warning: object contains JavaScript
25.0@64901: suspicious.warning: object contains JavaScript
26.0@64977: suspicious.warning: object contains JavaScript
27.0@65038: suspicious.warning: object contains JavaScript
28.0@65113: suspicious.warning: object contains JavaScript
29.0@65201: suspicious.warning: object contains JavaScript
30.0@65672: suspicious.javascript object
31.0@65716: suspicious.warning: object contains JavaScript
32.0@67336: suspicious.javascript object
33.0@67380: suspicious.warning: object contains JavaScript
40.0@68267: suspicious.warning: object contains JavaScript