PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5  filename  size  severity  js  flash  embed  encrypt
a0589639667babdeeebf2c18dca1a969 view report Revised-2017HolidaySchedule.pdf 1245 1 J      
7.0@781: suspicious.warning: object contains JavaScript
289220176fd79dcfca78e1e0e829874b view report 5a48cc0664c70415aaf1eabcf6835fa35a4e92f7e68c71c877f211c79527e441:d.pdf: 1843 1 J      
8.0@1015: suspicious.warning: object contains JavaScript
663719a8e99c6a27ab4e0a57646ccf08 view report f4d70253f6caf263878323439ac827fea6a669410c6a4028b99163c4309f1512:sell-to-survive.pdf: 99378 22        
6.0@84200: suspicious.embedded external content
7.0@84480: suspicious.embedded external content
8.0@84899: suspicious.embedded external content
9.0@85184: suspicious.embedded external content
10.0@85529: suspicious.embedded external content
11.0@85811: suspicious.embedded external content
12.0@86204: suspicious.embedded external content
13.0@86591: suspicious.embedded external content
14.0@87113: suspicious.embedded external content
15.0@87656: suspicious.embedded external content
16.0@87929: suspicious.embedded external content
17.0@88316: suspicious.embedded external content
18.0@88784: suspicious.embedded external content
19.0@89060: suspicious.embedded external content
20.0@89480: suspicious.embedded external content
21.0@89969: suspicious.embedded external content
22.0@90314: suspicious.embedded external content
23.0@90737: suspicious.embedded external content
24.0@91223: suspicious.embedded external content
25.0@91571: suspicious.embedded external content
26.0@91994: suspicious.embedded external content
27.0@92441: suspicious.embedded external content
09e5039b911a6456f09bc95adaf05b27 view report Invoice_ 12980198_YY#WDO_2017 (28 Nov 17).pdf 588947 9   F P  
106.0@41516: suspicious.pdf embedded PDF file
106.0@41516: suspicious.warning: object contains embedded PDF
129.0@57431: suspicious.obfuscation using charCodeAt
129.0@57431: suspicious.obfuscation using String.fromCharCode
129.0@57431: suspicious.flash addFrameScript
129.0@57431: suspicious.flash Embedded Flash
129.0@57431: suspicious.flash Embedded Flash define obj
0cb8e6fdfa16d02364bf484a32cd39a0 view report d043162f23182182f2cc7c6e4041281956c0d428cdac606d3c3d154cf9d390d8:vendors.pdf: 5191779 4        
415.0@182352: pdf.exploit execute EXE file
415.0@182352: pdf.execute exe file
4707.0@2326040: pdf.exploit execute EXE file
4707.0@2326040: pdf.execute exe file
0a9ad0d1266f91693cf98edc81c3c001 view report a7b33c3409db29f1c075c03eb7ba8fa1ed354b527a601f1e43876501a796759b:/archives/text/CTAN/macros/latex/contrib/eq-save/examples/eqsave-noname.pdf: 108146 129 J      
175.0@16: suspicious.obfuscation using app.setTimeOut to eval code
11.0@6679: suspicious.warning: object contains JavaScript
368.0@85455: suspicious.warning: object contains JavaScript
377.0@86078: suspicious.warning: object contains JavaScript
380.0@86337: suspicious.obfuscation using eval
380.0@86337: suspicious.obfuscation using String.replace
380.0@86337: suspicious.obfuscation using substring
380.0@86337: suspicious.warning: object contains JavaScript
381.0@88265: suspicious.obfuscation using eval
381.0@88265: suspicious.obfuscation using String.replace
381.0@88265: suspicious.obfuscation using substring
381.0@88265: suspicious.warning: object contains JavaScript
382.0@89291: suspicious.obfuscation using eval
382.0@89291: suspicious.obfuscation toString
382.0@89291: suspicious.obfuscation using String.replace
382.0@89291: suspicious.obfuscation using substring
382.0@89291: suspicious.warning: object contains JavaScript
383.0@90302: suspicious.obfuscation using String.fromCharCode
383.0@90302: suspicious.warning: object contains JavaScript
384.0@91161: suspicious.obfuscation using eval
384.0@91161: suspicious.obfuscation toString
384.0@91161: suspicious.obfuscation using String.replace
384.0@91161: suspicious.obfuscation using substring
384.0@91161: suspicious.obfuscation using app.setTimeOut to eval code
384.0@91161: suspicious.warning: object contains JavaScript
385.0@95698: suspicious.obfuscation using eval
385.0@95698: suspicious.warning: object contains JavaScript
386.0@96108: suspicious.obfuscation toString
386.0@96108: suspicious.obfuscation using String.replace
386.0@96108: suspicious.warning: object contains JavaScript
387.0@96870: suspicious.obfuscation using eval
387.0@96870: suspicious.obfuscation using String.replace
387.0@96870: suspicious.obfuscation using substring
387.0@96870: suspicious.warning: object contains JavaScript
388.0@100906: suspicious.obfuscation using eval
388.0@100906: suspicious.obfuscation toString
388.0@100906: suspicious.obfuscation using String.replace
388.0@100906: suspicious.obfuscation using substring
388.0@100906: suspicious.obfuscation using app.setTimeOut to eval code
388.0@100906: suspicious.warning: object contains JavaScript
389.0@102434: suspicious.warning: object contains JavaScript
14.0@37: suspicious.obfuscation using app.setTimeOut to eval code
b9f86dd6d493c57554624af79e40a606 view report d32a29fadcabbe885c967cf569e95166434bb25b893529cb00a2b285f504ea21:01c8ce645191463630990dc96ac0b73d910faa02: 243792 6        
0.0@239865: suspicious.obfuscation using charCodeAt
0.0@239865: suspicious.obfuscation toString
0.0@239865: suspicious.obfuscation using String.fromCharCode
0.0@239865: suspicious.obfuscation using String.replace
0.0@239865: suspicious.obfuscation using substring
-1.-1@239936: suspicious.warning: end of file contains content
6564e97b019a574600f77cc44913355d view report 837644fdaab01060e05c0d2c8e7356c62665bb78ad62622ec34d3acf8bbb09d1:0606-additional-mathematics-papers-xtremepapers.pdf: 12323 2        
13.0@9258: suspicious.embedded external content
14.0@9660: suspicious.embedded external content
65d98f5ae5dc02ec597ddcffabbe3061 view report d5cb1d78e26e39d7bc9c09c7479b5092ebe97e446732a76629b15a26df796e22:/archives/text/CTAN/macros/latex/contrib/eq-save/docs/eqsave-man.pdf: 249137 141 J      
194.0@446: suspicious.obfuscation using app.setTimeOut to eval code
11.0@7326: suspicious.warning: object contains JavaScript
25.0@7938: suspicious.warning: object contains JavaScript
11.0@64099: suspicious.warning: object contains JavaScript
341.0@225047: suspicious.warning: object contains JavaScript
350.0@225670: suspicious.warning: object contains JavaScript
351.0@225734: suspicious.warning: object contains JavaScript
352.0@225794: suspicious.warning: object contains JavaScript
355.0@226053: suspicious.obfuscation using eval
355.0@226053: suspicious.obfuscation using String.replace
355.0@226053: suspicious.obfuscation using substring
355.0@226053: suspicious.warning: object contains JavaScript
356.0@227967: suspicious.obfuscation using eval
356.0@227967: suspicious.obfuscation using String.replace
356.0@227967: suspicious.obfuscation using substring
356.0@227967: suspicious.warning: object contains JavaScript
357.0@228993: suspicious.obfuscation using eval
357.0@228993: suspicious.obfuscation toString
357.0@228993: suspicious.obfuscation using String.replace
357.0@228993: suspicious.obfuscation using substring
357.0@228993: suspicious.warning: object contains JavaScript
358.0@230004: suspicious.obfuscation using String.fromCharCode
358.0@230004: suspicious.warning: object contains JavaScript
359.0@230863: suspicious.obfuscation using eval
359.0@230863: suspicious.obfuscation toString
359.0@230863: suspicious.obfuscation using String.replace
359.0@230863: suspicious.obfuscation using substring
359.0@230863: suspicious.obfuscation using app.setTimeOut to eval code
359.0@230863: suspicious.warning: object contains JavaScript
360.0@235400: suspicious.obfuscation using eval
360.0@235400: suspicious.warning: object contains JavaScript
361.0@235810: suspicious.obfuscation toString
361.0@235810: suspicious.obfuscation using String.replace
361.0@235810: suspicious.warning: object contains JavaScript
362.0@236572: suspicious.obfuscation using eval
362.0@236572: suspicious.obfuscation using String.replace
362.0@236572: suspicious.obfuscation using substring
362.0@236572: suspicious.warning: object contains JavaScript
363.0@240608: suspicious.obfuscation using eval
363.0@240608: suspicious.obfuscation toString
363.0@240608: suspicious.obfuscation using String.replace
363.0@240608: suspicious.obfuscation using substring
363.0@240608: suspicious.obfuscation using app.setTimeOut to eval code
363.0@240608: suspicious.warning: object contains JavaScript
364.0@242136: suspicious.warning: object contains JavaScript
365.0@243163: suspicious.obfuscation toString
365.0@243163: suspicious.warning: object contains JavaScript
367.0@244423: suspicious.obfuscation using app.setTimeOut to eval code
14.0@501: suspicious.obfuscation using app.setTimeOut to eval code
14.0@244470: suspicious.obfuscation using app.setTimeOut to eval code
d4383c6bf4ffaadb7e0891d7c03332ea view report ec444991b62545799fe7605d4b14f42a499e45f05e16d40756c5ea2855c49a65:skachat_staryi_iandeks_brauzer_s_bukvoi_ia.pdf: 359334 1        
6.0@379: block size over 10MB
89993cb7a9b697778e66d0f963243a7f view report c8112da82ef8f3a75888f09a30d5260813ba9cc1a5cad3a933d345ee20f0804e:probability-statistics-and-econometrics.pdf: 222985 17        
8.0@208876: suspicious.embedded external content
9.0@209164: suspicious.embedded external content
10.0@209452: suspicious.embedded external content
12.0@209741: suspicious.embedded external content
13.0@210293: suspicious.embedded external content
14.0@210854: suspicious.embedded external content
15.0@211331: suspicious.embedded external content
16.0@211712: suspicious.embedded external content
17.0@212092: suspicious.embedded external content
18.0@212587: suspicious.embedded external content
19.0@212932: suspicious.embedded external content
20.0@213400: suspicious.embedded external content
21.0@214102: suspicious.embedded external content
22.0@214804: suspicious.embedded external content
23.0@215161: suspicious.embedded external content
24.0@215785: suspicious.embedded external content
25.0@216408: suspicious.embedded external content
056caa245094adb33fc65445f30afd70 view report 8ae4e208632acd4ab3537bfc3f8e4b8a4fc3bf6bc082b965461c2f0d9c9493bc:mi8.pdf: 14641 1        
3.0@9: suspicious.embedded external content
a20cb10d5dba99d2a26c07a42a53d7da view report 798a26b8116503ffe36410e4696199a7baf671f0821035ae34df6a67490f44fa:RB102-11-2012.pdf: 430968 16 J      
90.0@416773: suspicious.warning: object contains JavaScript
91.0@417118: suspicious.javascript object
92.0@417161: suspicious.warning: object contains JavaScript
93.0@417869: suspicious.javascript object
94.0@417912: suspicious.warning: object contains JavaScript
95.0@418401: suspicious.javascript object
100.0@419587: suspicious.javascript in XFA block
100.0@419587: suspicious.obfuscation toString
100.0@419587: suspicious.warning: object contains JavaScript
7e516627737b792c61a83a1f0828dca5 view report 2f5f73b43242f51fb03401976635bffa49eb79f0ae2cbb79704b3ceeadf8f738:664amde.pdf: 28180 2        
3.0@9: suspicious.embedded external content
7.0@2494: suspicious.embedded external content
e17b4133e318949c358849970d8da4d0 view report e4b8b952886c295a2fd2238d3b8f2cff7aea93eda0da4bad5be7349976aa87d9:e61ce0a8b542834b58b3710b2f49c4b663523233: 244755 7        
3.0@9: suspicious.embedded external content
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content