PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
1a8b8179fae46895aafe409dfecba486 view report a0dea47092fb2f73d3b2f2088be22d0e6081603d4b97f71f2f9d43d835e9fdb1:/wp-content/uploads/2015/12/Direct-Deposit-Authorization-Form.pdf: 523758 13 J      
207.0@465693: suspicious.warning: object contains JavaScript
208.0@466039: suspicious.javascript object
209.0@466084: suspicious.warning: object contains JavaScript
210.0@466793: suspicious.javascript object
211.0@466838: suspicious.warning: object contains JavaScript
212.0@467328: suspicious.javascript object
217.0@468494: suspicious.javascript in XFA block
217.0@468494: suspicious.warning: object contains JavaScript
e23eb4782329559c9c8ae2bdc2e783a2 view report e6256ded77cf7c0372e34179dc66c440d4d94958e66133555fcace6135cb76a5:template.pdf: 60566 7 J   P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59486: suspicious.warning: object contains JavaScript
23.0@59590: pdf.exploit execute EXE file
23.0@59590: pdf.exploit access system32 directory
23.0@59590: pdf.exploit execute action command
23.0@59590: pdf.execute exe file
23.0@59590: pdf.execute access system32 directory
ee4cf30c00fffe7dd76a4ffad4952b23 view report ba17c0069abdea332e51d112daaa6c84445ed00261a645bc093f4381e4294793:/sites/default/files/chicagotribune.pdf: 855551 72   F    
515.0@2710: suspicious.flash Embedded Flash define obj
540.0@94815: suspicious.flash Embedded Flash define obj
10.0@224021: suspicious.flash Embedded Flash define obj
21.0@264860: suspicious.flash Embedded Flash define obj
36.0@326910: suspicious.flash Embedded Flash define obj
44.0@335206: suspicious.flash Embedded Flash
44.0@335206: suspicious.flash Embedded Flash define obj
45.0@394686: suspicious.flash Embedded Flash
45.0@394686: suspicious.flash Embedded Flash define obj
46.0@454166: suspicious.flash Embedded Flash
46.0@454166: suspicious.flash Embedded Flash define obj
47.0@519295: suspicious.obfuscation using charCodeAt
47.0@519295: suspicious.obfuscation using String.fromCharCode
47.0@519295: suspicious.flash Embedded Flash
47.0@519295: suspicious.flash Embedded Flash define obj
48.0@659308: suspicious.flash Embedded Flash
48.0@659308: suspicious.flash Embedded Flash define obj
49.0@727353: suspicious.flash Embedded Flash
49.0@727353: suspicious.flash Embedded Flash define obj
50.0@783413: suspicious.flash Embedded Flash
50.0@783413: suspicious.flash Embedded Flash define obj
51.0@815717: suspicious.flash Embedded Flash
51.0@815717: suspicious.flash Embedded Flash define obj
648.0@28162: suspicious.flash Embedded Flash define obj
654.0@28601: suspicious.flash Embedded Flash define obj
660.0@95107: suspicious.flash Embedded Flash define obj
666.0@95601: suspicious.flash Embedded Flash define obj
107.0@245331: suspicious.flash Embedded Flash define obj
125.0@267344: suspicious.flash Embedded Flash define obj
131.0@267783: suspicious.flash Embedded Flash define obj
259.0@342601: suspicious.flash Embedded Flash define obj
265.0@343040: suspicious.flash Embedded Flash define obj
5b40c3122283ede325401475f63399d2 view report defa46469bf48de87e1c8a2e674bd962f21aabf22b92627ce3b651575c7d77bc:C:\Users\Mixxx\Desktop\The Antivirus Hacker-s Handbook.pdf: 5959361 19        
389.0@1660779: suspicious.obfuscation using unescape
859.0@4337896: suspicious.obfuscation using eval
6d25ca9e98039919f5c68bfd0782e24a view report BL857293001TURBINESINC.pdf 150824 31 J      
330.0@82284: suspicious.warning: object contains JavaScript
323.0@82345: suspicious.warning: object contains JavaScript
324.0@82425: suspicious.warning: object contains JavaScript
321.0@82508: suspicious.warning: object contains JavaScript
322.0@82588: suspicious.warning: object contains JavaScript
319.0@82671: suspicious.warning: object contains JavaScript
320.0@82751: suspicious.warning: object contains JavaScript
317.0@82834: suspicious.warning: object contains JavaScript
318.0@82914: suspicious.warning: object contains JavaScript
315.0@82997: suspicious.warning: object contains JavaScript
316.0@83077: suspicious.warning: object contains JavaScript
313.0@83160: suspicious.warning: object contains JavaScript
314.0@83240: suspicious.warning: object contains JavaScript
311.0@83323: suspicious.warning: object contains JavaScript
312.0@83403: suspicious.warning: object contains JavaScript
309.0@83486: suspicious.warning: object contains JavaScript
310.0@83566: suspicious.warning: object contains JavaScript
307.0@83649: suspicious.warning: object contains JavaScript
308.0@83729: suspicious.warning: object contains JavaScript
305.0@83812: suspicious.warning: object contains JavaScript
306.0@83892: suspicious.warning: object contains JavaScript
303.0@83975: suspicious.warning: object contains JavaScript
304.0@84055: suspicious.warning: object contains JavaScript
301.0@84138: suspicious.warning: object contains JavaScript
302.0@84218: suspicious.warning: object contains JavaScript
299.0@84301: suspicious.warning: object contains JavaScript
300.0@84381: suspicious.warning: object contains JavaScript
297.0@84464: suspicious.warning: object contains JavaScript
298.0@84544: suspicious.warning: object contains JavaScript
295.0@84627: suspicious.warning: object contains JavaScript
296.0@84707: suspicious.warning: object contains JavaScript
1d5fd80440aeffd641c1db825a671d68 view report 983945843ffc505972734d3114c933d6aee5e652991e92ba6fa62d9d35a483f5:MichaelHermengild2016.pdf: 1089393 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@1088153: suspicious.warning: object contains JavaScript
10.0@1088260: pdf.exploit execute EXE file
10.0@1088260: pdf.exploit access system32 directory
10.0@1088260: pdf.exploit execute action command
10.0@1088260: pdf.execute exe file
10.0@1088260: pdf.execute access system32 directory
8561a2ece88d536b4148d4b3beabde64 view report 70e15b1d3a19ee69883d289e009a4263e07b61073cdcb6b1b39d7304574334ef:/Extranet/Literature/Doc/55870: 759574 29 J   P  
1422.0@727940: suspicious.obfuscation using charCodeAt
1422.0@727940: suspicious.obfuscation using eval
1422.0@727940: suspicious.obfuscation toString
1422.0@727940: suspicious.obfuscation using substr
1422.0@727940: suspicious.obfuscation using String.replace
1422.0@727940: suspicious.obfuscation using substring
1422.0@727940: suspicious.obfuscation getAnnots access blocks
1422.0@727940: suspicious.warning: object contains JavaScript
0.0@748085: suspicious.warning: object contains embedded PDF
1429.0@755161: suspicious.warning: object contains JavaScript
e917a6b264d4b953d0b802ca1229d297 view report 118a1fbb0faf71f9b796d51f6eff0b2e4f934f70c479661e10a03ef1d8b4c576:evil.pdf: 148392 7 J   P  
40.0@103011: suspicious.pdf embedded PDF file
40.0@103011: suspicious.warning: object contains embedded PDF
41.0@147242: suspicious.warning: object contains JavaScript
42.0@147345: pdf.exploit execute EXE file
42.0@147345: pdf.exploit access system32 directory
42.0@147345: pdf.exploit execute action command
42.0@147345: pdf.execute exe file
42.0@147345: pdf.execute access system32 directory
81d744965aa330dc26ad1c0407fb7548 view report 2d8e521d46dd29bfb23c689601fd4ab715d6a50bd6c4f997b402be21f542fe5a:/extranet/literature/doc/51091: 87271 28 J      
46.0@67041: suspicious.obfuscation using charCodeAt
46.0@67041: suspicious.obfuscation using eval
46.0@67041: suspicious.obfuscation toString
46.0@67041: suspicious.obfuscation using substr
46.0@67041: suspicious.obfuscation using String.replace
46.0@67041: suspicious.obfuscation using substring
46.0@67041: suspicious.obfuscation getAnnots access blocks
46.0@67041: suspicious.warning: object contains JavaScript
a9b909572d6ec1abb145010f96d7ce53 view report ef4a0a0a968ed4fc279130f86a429522884ace7bc62268530b729837b3d42071:amptest1.pdf: 6603 19 J      
6.0@571: suspicious.obfuscation using unescape
6.0@571: suspicious.obfuscation using substring
6.0@571: suspicious.warning: object contains JavaScript
ca4807e92aaa83ba32cad3fa6b354336 view report 38bb718960e171f721365d90dc0899beb0ee0eeecac9f2c37e8ce3e463a9210f:2013-05-17_13-10-37_assassin_v1.3_beta-2.pdf: 60466 7 J   P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59386: suspicious.warning: object contains JavaScript
23.0@59490: pdf.exploit execute EXE file
23.0@59490: pdf.exploit access system32 directory
23.0@59490: pdf.exploit execute action command
23.0@59490: pdf.execute exe file
23.0@59490: pdf.execute access system32 directory
700ee8713f191bee34fd49b9b82b61ab view report 5091fe0ff297750dce1a69f7752d430b0d2a3dedfa21393893290aab566c9ee5:listadoEmpleados.pdf: 46363 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45125: suspicious.warning: object contains JavaScript
10.0@45232: pdf.exploit execute EXE file
10.0@45232: pdf.exploit access system32 directory
10.0@45232: pdf.exploit execute action command
10.0@45232: pdf.execute exe file
10.0@45232: pdf.execute access system32 directory
185d2f9c9c4189516db7f373b049fb78 view report 0c96e72cc2d6602ad67164fb5c730f64f226f9ff7ccc5cedecc3a1903e121551:cdph931.pdf: 714915 15 J      
264.0@4209: suspicious.javascript object
265.0@4254: suspicious.javascript object
266.0@4299: suspicious.javascript object
267.0@4344: suspicious.warning: object contains JavaScript
268.0@4834: suspicious.warning: object contains JavaScript
269.0@5180: suspicious.warning: object contains JavaScript
17.0@688059: suspicious.javascript in XFA block
17.0@688059: suspicious.warning: object contains JavaScript
24a022ca8d0089d62d6c4357ad4324e8 view report 3275c093847c00a68f7ad8dc26b98a84c24c9101901b977e3759d8350edd636e:Lifeline%20FSA%20Enrollment%20Form.pdf: 898169 16 J      
259.0@876350: suspicious.warning: object contains JavaScript
260.0@876696: suspicious.javascript object
261.0@876741: suspicious.warning: object contains JavaScript
262.0@877450: suspicious.javascript object
263.0@877495: suspicious.warning: object contains JavaScript
264.0@877985: suspicious.javascript object
269.0@879155: suspicious.javascript in XFA block
269.0@879155: suspicious.obfuscation toString
269.0@879155: suspicious.warning: object contains JavaScript
a98422e212e90f6ffacf82e918802488 view report 16015645127b96b8556b37d0a8c4e2dd47a91cd90432baa490c913d7445253c9:871902f4a36ef8a50c77c60f0289b96f0dba4e84: 334006 8        
23.0@241402: suspicious.obfuscation using eval
25.0@308638: suspicious.obfuscation using eval