PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
b0a3873989767055b6be459f5ea4e47d view report 1c28e0e062d9dcdb77d1543a25ccd91e38ab0d0dee22c9d2c4304898053f136c:/home/cuckoo/Code/pdf-documents/initial_pdfs/644703bfd6ce1b4a2345786d3626a9f6c53c7ffc.pdf: 683091 14 J      
15.0@54455: suspicious.obfuscation using eval
15.0@54455: suspicious.obfuscation using String.fromCharCode
15.0@54455: suspicious.obfuscation using String.replace
15.0@54455: suspicious.warning: object contains JavaScript
25d25603aa799d4ebcf9a5c9ceb51643 view report 2941036389c06901fb155e1bdcf04f90bb66b554efc710dd75d20c6de5f78f9a:/home/cuckoo/Code/pdf-documents/initial_pdfs/ac07de6a8cf5514420db02be4eb3c9f7453bcbdd.pdf: 608828 42 J      
312.0@592137: suspicious.obfuscation using unescape
312.0@592137: suspicious.obfuscation using eval
312.0@592137: suspicious.obfuscation using String.replace
312.0@592137: suspicious.warning: object contains JavaScript
315.0@601028: suspicious.obfuscation using unescape
315.0@601028: suspicious.obfuscation using substring
315.0@601028: suspicious.string Shellcode NOP sled
315.0@601028: pdf.exploit Collab.getIcon CVE-2009-0927
5ca000f36ed522a42631ffd876a088e4 view report dc421fece735687bb06e5390784a518bb2cd98f3d8230c4337e1984531bf05f7:/home/cuckoo/Code/pdf-documents/initial_pdfs/591cfd92414229893181ca23250c493bf17603cb.pdf: 1425911 116 J      
322.0@1345225: suspicious.obfuscation using unescape
322.0@1345225: suspicious.obfuscation using eval
322.0@1345225: suspicious.obfuscation using String.fromCharCode
322.0@1345225: suspicious.obfuscation using String.replace
322.0@1345225: suspicious.warning: object contains JavaScript
377.0@1416189: suspicious.obfuscation using unescape
377.0@1416189: suspicious.obfuscation toString
377.0@1416189: suspicious.obfuscation using substring
377.0@1416189: suspicious.string Shellcode NOP sled
377.0@1416189: pdf.exploit Collab.getIcon CVE-2009-0927
377.0@1416189: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
377.0@1416189: pdf.exploit util.printf CVE-2008-2992
be60783dd7cb59fc79ef00b476e18e7d view report e4659d42ffcf8c24e94195af6152cb853ae7985007536e60ea3ffd734b40cb55:/home/cuckoo/Code/pdf-documents/initial_pdfs/c4d2038573b9a88dd806cd87404a6068680eefbb.pdf: 510626 4 J      
11.0@41903: suspicious.obfuscation using unescape
11.0@41903: suspicious.warning: object contains JavaScript
1cf46dba7dc2e369633bdcae27299b5a view report 23ff7fc36dc1480628406368db02b2df186ebab6d28abaffc3b4ff4a2e0a7b1c:/home/cuckoo/Code/pdf-documents/initial_pdfs/a1ff30a2e80428e7411365e7bd33f92089ad17b6.pdf: 651126 91 J      
7.0@53160: suspicious.obfuscation using unescape
7.0@53160: suspicious.obfuscation toString
7.0@53160: suspicious.obfuscation using eval
7.0@53160: suspicious.obfuscation using substring
7.0@53160: suspicious.string Shellcode NOP sled
7.0@53160: suspicious.obfuscation using app.setTimeOut to eval code
7.0@53160: pdf.exploit Collab.getIcon CVE-2009-0927
7.0@53160: suspicious.warning: object contains JavaScript
78387e0c92c2675a330cc4c0355ece39 view report acfa7f93e1ef9542f5808196814d3b756e4a0b7eeda77e6ce8cdc5f93ff3f581:/home/cuckoo/Code/pdf-documents/initial_pdfs/982bc2ecd0dfc12b372360b9883ffba67d5ef1db.pdf: 636779 33 J      
321.0@590192: suspicious.obfuscation using unescape
321.0@590192: suspicious.obfuscation using eval
321.0@590192: suspicious.obfuscation toString
321.0@590192: suspicious.obfuscation using substring
321.0@590192: suspicious.obfuscation using app.setTimeOut to eval code
321.0@590192: suspicious.warning: object contains JavaScript
2a25f23e8b1cb089d442c2d0a747787f view report d6a20404323a4085790dba1d9e000ec31d87a6629352fd0f3de94a02ffefd78e:d889bcd398ccb64acebcbcf887dea9fab6125aac: 64547 4 J      
5.0@62721: suspicious.embedded doc file
6.0@62825: suspicious.warning: object contains JavaScript
7.0@63270: suspicious.javascript object
14.0@63775: suspicious.warning: object contains JavaScript
a009eec12cd4f9b58bd2a51593833d3d view report 5b0433fde85f387f8de2d2be4564d99d414ace7c33198e373ed7eb0838a892cb:/home/cuckoo/Code/pdf-documents/initial_pdfs/21cefff1407baaeb3a95f8cf5796b64d93a01427.pdf: 756072 31 J      
290.0@565503: suspicious.obfuscation using charCodeAt
290.0@565503: suspicious.obfuscation using eval
290.0@565503: suspicious.obfuscation toString
290.0@565503: suspicious.obfuscation using substr
290.0@565503: suspicious.obfuscation using String.fromCharCode
318.0@607710: suspicious.obfuscation using unescape
318.0@607710: suspicious.obfuscation using eval
318.0@607710: suspicious.obfuscation using String.replace
318.0@607710: suspicious.obfuscation getAnnots access blocks
318.0@607710: suspicious.warning: object contains JavaScript
37951706ca66f093819d55834c7d11a5 view report 8155ef73cd034b925d7b4af50039d5a544e10fba3b7b372cfb9e52d9841352ce:/home/cuckoo/Code/pdf-documents/initial_pdfs/cc51eceb1f3aa8d390d174d01bdbf23053479c2e.pdf: 642316 33 J      
320.0@595737: suspicious.obfuscation using unescape
320.0@595737: suspicious.obfuscation using eval
320.0@595737: suspicious.obfuscation toString
320.0@595737: suspicious.obfuscation using substring
320.0@595737: suspicious.obfuscation using app.setTimeOut to eval code
320.0@595737: suspicious.warning: object contains JavaScript
fab6a5aacc22c7f70e6f6e251214d576 view report a1dd6a0eaf039eb200ba03a40699d399470420b692ed2f202b61567702ef7b79:/home/cuckoo/Code/pdf-documents/initial_pdfs/3c23b0ae41d37417cc1f7e709c8f6934a0cdcebc.pdf: 680262 4 J      
350.0@644435: suspicious.obfuscation using String.replace
350.0@644435: suspicious.warning: object contains JavaScript
d09c845cf5749ddece2e9321494a4aa2 view report 6147fe1ead81ea570e3864500f203a9e3a0eb7c65e5f7a7ceaa74348c255e089:30e650dcdf0cb09e1e83f28bffc88bf55b5f898e: 64492 4 J      
5.0@62647: suspicious.embedded doc file
6.0@62757: suspicious.warning: object contains JavaScript
7.0@63211: suspicious.javascript object
14.0@63720: suspicious.warning: object contains JavaScript
3484d95b16b6c9241083c2e652c3b938 view report 922a287c4408189722bd10da625f8fde78ed9ac8d76f927b831abbaaf764a0f1:f77272f4fbf063767b215c366b49323d483d98d2: 64210 4 J      
5.0@62377: suspicious.embedded doc file
6.0@62484: suspicious.warning: object contains JavaScript
7.0@62932: suspicious.javascript object
14.0@63438: suspicious.warning: object contains JavaScript
a864d0f0ede2faf4ecd2ff7e59b52f92 view report ede61bda325bac4646d09d8d8b82a36c45b654d5ae733b6a3d850834c98f2273:/home/cuckoo/Code/pdf-documents/initial_pdfs/f0c89a6264c2566458dff4fa73aad176d6865dda.pdf: 697047 16 J      
321.0@596165: suspicious.obfuscation using charCodeAt
321.0@596165: suspicious.obfuscation using eval
321.0@596165: suspicious.obfuscation using substr
321.0@596165: suspicious.obfuscation using String.fromCharCode
321.0@596165: suspicious.warning: object contains JavaScript
8b0ee292fc233784ac0ee75c7c0afec3 view report 6f71ba910d1d846350d7928114618701ab14a88d5cfc5191b15be9e4fa0fbf97:/home/cuckoo/Code/pdf-documents/initial_pdfs/dcd4341b39681b1271e2759fc947360b07020179.pdf: 1425222 42 J      
322.0@1345206: suspicious.obfuscation using unescape
322.0@1345206: suspicious.obfuscation using eval
322.0@1345206: suspicious.obfuscation using String.replace
322.0@1345206: suspicious.warning: object contains JavaScript
377.0@1416179: suspicious.obfuscation using unescape
377.0@1416179: suspicious.obfuscation using substring
377.0@1416179: suspicious.string Shellcode NOP sled
377.0@1416179: pdf.exploit Collab.getIcon CVE-2009-0927
3c963b6c2c15d9aae4951d1f1fc66469 view report b3d426b19b66963ed3edb58180773b51c5fef03ac040cc17b48866977929ca55:287afdcd5fc9b2527f0f0657d0552691ab3516a2: 64236 4 J      
5.0@62409: suspicious.embedded doc file
6.0@62513: suspicious.warning: object contains JavaScript
7.0@62958: suspicious.javascript object
14.0@63464: suspicious.warning: object contains JavaScript