PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 | filename | size | severity | js | flash | embed | encrypt
f2b01a86957e0b50108807a37adc01ca view report 408c1893c1d67a07e786049dd3b3e9efd708dff33912b2ff2351d9177632f5b4:093.vir: 159309 4        
48.0@1284: pdf.exploit execute EXE file
71.0@2161: pdf.exploit execute EXE file
72.0@2323: pdf.exploit execute EXE file
103d1334bf5a7432e26ec83e2f161770 view report c404b3f2a954e6c72ae1e0f83732354ae5f13be0d6d65f2ebca27661379fc865:/nrth/rctcffshrdrllngrvw/nvkrndtbl/inuvik-roundtable-app-for-funding-fra.pdf: 725448 13 J      
303.0@1501: suspicious.warning: object contains JavaScript
304.0@1992: suspicious.warning: object contains JavaScript
305.0@2339: suspicious.warning: object contains JavaScript
42.0@693858: suspicious.javascript in XFA block
42.0@693858: suspicious.obfuscation toString
42.0@693858: suspicious.warning: object contains JavaScript
3ac6a1a34d60697c62edb1a287dfa54f view report 5ec509313e1a67066a48337838927bfd38dc1819d9063c23464b946511b690f1:oplata-citypay-webmoney.pdf: 466639 12        
30.0@258960: suspicious.obfuscation using eval
31.0@350792: suspicious.obfuscation using eval
32.0@387380: suspicious.obfuscation using eval
263c3e2d0549a220aad466121e37f8e0 view report 9bd57094b817709749bd2ca384f41415a24f011404511b8cb2845997da83354e:263c3e2d0549a220aad466121e37f8e0_b434641dc4f0b835b9068cea5f9787a94e97598e (1).pdf: 24797 90        
1.0@9: pdf.exploit using TIFF overflow CVE-2010-0188
1.0@9: suspicious.string base 64 nop sled used in TIFF overflow CVE-2010-0188
1.0@9: pdf.exploit TIFF overflow CVE-2010-0188
-1.-1@3281: suspicious.warning: end of file contains content
52aee6bc8fb4c52521e0eb19d8bcd885 view report 64bd826366ae051c747a3eae8bb957a98fee0029e3ad8dffc54da533ca8d942e:/pop/annex/cats/2009/cert/eatonville_2008-8.pdf: 502344 6 J      
185.0@3501: suspicious.javascript object
186.0@3546: suspicious.javascript object
187.0@3591: suspicious.javascript object
188.0@3636: suspicious.warning: object contains JavaScript
189.0@4126: suspicious.warning: object contains JavaScript
190.0@4472: suspicious.warning: object contains JavaScript
f9f2118b7bf5300c14e7c68305fa1190 view report fc41880cf3cddae17224b5724b52384a109eb55044c4a710fe7f4beab7257b55:/pop/annex/cats/2009/cert/portorchard_048-08.pdf: 486397 6 J      
185.0@3499: suspicious.javascript object
186.0@3544: suspicious.javascript object
187.0@3589: suspicious.javascript object
188.0@3634: suspicious.warning: object contains JavaScript
189.0@4124: suspicious.warning: object contains JavaScript
190.0@4470: suspicious.warning: object contains JavaScript
1c6ed67cb4f95750e23399357ccb6a9d view report 85c1678cdb8ac644cbf445adbe80650620ae5dbee0a52df7d4cdc2117f9f4d1f:/nrth/rctcffshrdrllngrvw/nvkrndtbl/inuvik-roundtable-registration-form-fra.pdf: 512066 13 J      
95.0@1215: suspicious.warning: object contains JavaScript
96.0@1705: suspicious.warning: object contains JavaScript
97.0@2051: suspicious.warning: object contains JavaScript
3.0@490505: suspicious.javascript in XFA block
3.0@490505: suspicious.obfuscation toString
3.0@490505: suspicious.warning: object contains JavaScript
99481c8dc7509f9aec5b55a8875abcfb view report 4df5ba9e00cdabebd91bc1a84afe892f8d599bf91b0e7b75c1005a44d3cb7d72:/Portals/2/2_Part%205%20-%20Additional%20Information%20the%20Applicant%20Wishes%20to%20Provide.pdf: 1951832 6 J      
2436.0@2083: suspicious.javascript object
2437.0@2130: suspicious.javascript object
2438.0@2177: suspicious.javascript object
2439.0@2224: suspicious.warning: object contains JavaScript
2440.0@2715: suspicious.warning: object contains JavaScript
2441.0@3062: suspicious.warning: object contains JavaScript
2acb1ff672407a145b11fbd2f73c4322 view report a2acc1aa55e19dde3283815329f06e495f693b2353a41be4d5697ce8b1bb114b:/UserFiles/File/Certificate_Employment.pdf: 384322 6 J      
82.0@370525: suspicious.warning: object contains JavaScript
83.0@370870: suspicious.javascript object
84.0@370913: suspicious.warning: object contains JavaScript
85.0@371621: suspicious.javascript object
86.0@371664: suspicious.warning: object contains JavaScript
87.0@372153: suspicious.javascript object
3a3b0e008272292d24a4e3d87f7f2c81 view report da56aa84f4d4b0f8da878c2a922b22dae6a22aa4ae641fe83ef904c6892ba0b3:/UserFiles/File/Declaration.pdf: 383073 6 J      
73.0@369834: suspicious.warning: object contains JavaScript
74.0@370179: suspicious.javascript object
75.0@370222: suspicious.warning: object contains JavaScript
76.0@370930: suspicious.javascript object
77.0@370973: suspicious.warning: object contains JavaScript
78.0@371462: suspicious.javascript object
06544631f75c16a8c8fd8a4e087ce265 view report 8688bc58b8bbfb08ab2a0277a1ac8fa8343fa2e31a20f0f296ffa7a477ab5cf1:/UserFiles/File/Certificate_remariage.pdf: 381670 6 J      
75.0@369097: suspicious.warning: object contains JavaScript
76.0@369442: suspicious.javascript object
77.0@369485: suspicious.warning: object contains JavaScript
78.0@370193: suspicious.javascript object
79.0@370236: suspicious.warning: object contains JavaScript
80.0@370725: suspicious.javascript object
f86bdd5ca275e88b1c32002681237061 view report 5cb8712711304a5fddf72fcb0d37fed7a4bb90619214505a2bcb2547d27c8d95:/Portals/2/General%20Part%20-%20Application%20For%20A%20Licence%20or%20Certificate%20As%20A%20Financial%20Services%20Business%20Provider%20(Revised)%20Jan.%202012.pdf: 776120 13 J      
515.0@747465: suspicious.warning: object contains JavaScript
516.0@747811: suspicious.javascript object
517.0@747856: suspicious.warning: object contains JavaScript
518.0@748565: suspicious.javascript object
519.0@748610: suspicious.warning: object contains JavaScript
520.0@749100: suspicious.javascript object
525.0@750345: suspicious.javascript in XFA block
525.0@750345: suspicious.warning: object contains JavaScript
ead61a9fcf620c2c0ff910fdbae24394 view report b246413a242d9db4ca1b8cd08cebde988b6b060e6ba32682b07244e9ff62fa0c:Atto.pdf: 2042984 7 J   P  
18.0@1997567: suspicious.pdf embedded PDF file
18.0@1997567: suspicious.warning: object contains embedded PDF
19.0@2041749: suspicious.warning: object contains JavaScript
20.0@2041858: pdf.exploit execute EXE file
20.0@2041858: pdf.exploit access system32 directory
20.0@2041858: pdf.exploit execute action command
20.0@2041858: pdf.execute exe file
20.0@2041858: pdf.execute access system32 directory
19dc3b9b2846cee65bce8410dcf3b34b view report def.pdf 1790 1 J      
9.0@1387: suspicious.warning: object contains JavaScript
eaff06e14fdf69985493e5d6146ecfcb view report fa71a6b8f93af9631ffeeb731c52bf2d4f6043910798fde5d9689a4bb365aa5d:/pdf/stronger-online-security-factsheet.pdf: 265315 23        
74.0@2345: suspicious.obfuscation using charCodeAt
74.0@2345: suspicious.obfuscation using eval
74.0@2345: suspicious.obfuscation using String.replace
74.0@2345: suspicious.obfuscation getAnnots access blocks
114.0@3332: suspicious.obfuscation using charCodeAt
114.0@3332: suspicious.obfuscation using eval
114.0@3332: suspicious.obfuscation using String.replace
114.0@3332: suspicious.obfuscation getAnnots access blocks