🛡️ Security Guide
PDF Malware Scanner
44 Forensic Engines. Free. Online.
PDF files are one of the most common malware delivery vectors — used in phishing campaigns, APT attacks, and exploit kits for decades. Most scanners can only find threats they have already seen. PQ PDF's 44 forensic engines detect both known and unknown threats: behavioral sandbox execution catches what a PDF does regardless of whether it has a signature, ML anomaly detection flags structurally abnormal files even with no prior example, and differential parsing exposes hidden objects whether or not they match any known exploit pattern — all free, with zero data retention.
44
Forensic engines
6.4M+
Offline threat indicators
6
Sandbox renderers
24
Report tabs
0
Data retained
No account. No upload limit. File deleted immediately after analysis.
What PDF files can hide
PDF Threats You Can't See by Opening the File
A PDF that opens and looks normal can still be malicious. The PDF specification is complex enough that attack vectors are buried in layers of structure that no viewer surfaces to the reader. Emotet used password-protected PDF lures to deliver macro-laced Word droppers. MuddyWater (Iranian APT) relied on PDF first-stage attachments throughout 2022–2024 campaigns against government targets. APT28 (Fancy Bear) distributed CVE-2015-2545 EPS-exploit PDFs in spear-phishing operations against NATO targets. More recently, QakBot and IcedID campaigns shifted entirely to PDF delivery after Microsoft disabled Office macros by default. These are the most common threat categories found in malicious PDFs:
Malicious JavaScript
PDF supports a full JavaScript engine. Attackers embed
eval(unescape(...)) shellcode loaders, heap spray sequences, and multi-layer obfuscated scripts that execute silently when the file opens in a vulnerable viewer.CVE Exploit Patterns
Specific byte sequences trigger bugs in PDF renderers. CVE-2009-0658 (JBIG2 heap overflow), CVE-2024-41869 (use-after-free in Adobe Reader), CVE-2024-45112 (type confusion) — the scanner has 24 YARA rules targeting these and more.
AcroForm Exfiltration
Interactive form fields can silently POST all field data — including typed passwords — to an attacker-controlled server via
/SubmitForm actions. Hidden fields collect data without user knowledge.OCG Layer Cloaking
Optional Content Groups (layers) can hide malicious content — JavaScript, phishing text, embedded payloads — in layers that are invisible in normal view but present in the file structure and executed by the parser.
Signature Forgery (Shadow Attack)
A PDF can display a valid digital signature while containing content the signer never approved. The Shadow Attack exploits
ByteRange gaps in the signature specification to hide malicious objects outside the signed byte range.Embedded Executables
PDF allows embedding arbitrary file attachments. Malicious PDFs routinely embed PE (.exe), ELF, OLE compound documents, VBA macro files, ZIP archives, and nested PDFs — activated by
/Launch actions or /EmbeddedFile streams.Phishing & Brand Impersonation
PDF is a common phishing delivery format. Fake login pages, QR codes pointing to credential-harvesting sites, and brand impersonation (Microsoft, DocuSign, Adobe) are embedded as interactive forms or URI actions.
Invisible & Unicode-Obfuscated Text
Text with rendering mode 3 (invisible) or 7 (clip only) is present in the PDF but never drawn. Combined with RTL override characters (
U+202E), attackers reverse filenames and URLs in a way that looks legitimate to a casual reader.XFA FormCalc Exploits
XFA (XML Forms Architecture) is a complex XML-based alternative form system supported by Adobe Reader. It contains its own scripting language (FormCalc) and has been the vehicle for multiple critical RCE vulnerabilities rarely analysed by general-purpose scanners.
Use cases
Who Should Scan a PDF Before Opening It?
PDF is the most common malware delivery format in targeted attacks. According to Verizon's DBIR, email attachments account for over 90% of malware delivery — and PDF is consistently in the top two formats alongside Office macros. These are the people who scan before they open:
SOC Analysts
Triaging email attachments from phishing alerts. Need MITRE ATT&CK mapping, IOC extraction, and a structured verdict they can attach to a ticket — not just a pass/fail AV result.
IT & Security Administrators
Checking vendor-supplied PDFs, software documentation, or procurement contracts before distributing inside the organisation. One malicious PDF forwarded internally becomes a lateral movement risk.
Legal & Compliance Teams
Law firms and compliance officers routinely receive PDFs from opposing parties, regulators, and clients — including adversarial actors who know the recipient will open the file. Privileged documents cannot be uploaded to VirusTotal.
Healthcare & Finance
Insurance claims, billing statements, and financial reports in PDF format are a known targeting vector for ransomware groups (including LockBit and Cl0p campaigns). Regulations like HIPAA prohibit sharing patient data with cloud services — offline scanning is required.
Malware Researchers
Analysts studying Emotet, MuddyWater, APT28, and other threat actors that use PDF as a first-stage delivery mechanism. The full 44-engine output and AI forensic report provide the depth needed to document a campaign technically.
Remote Workers
Receiving an unsolicited PDF on a work laptop — a courier notification, a contract revision, an invoice from an unknown sender. The HR and finance departments are the most-targeted recipients of spear-phishing PDFs.
How the alternatives compare
PQ PDF vs. VirusTotal, Hybrid Analysis, Adobe & MetaDefender
Antivirus engines answer one question: "Have we seen this before?" If a threat has been catalogued, they find it. If it hasn't — a zero-day exploit, a freshly obfuscated payload, a novel XFA FormCalc attack, a new JS shellcode loader — it passes straight through. PQ PDF answers a different question: "What does this PDF actually do?" Behavioral execution, ML anomaly detection, structural differential analysis, and entropy profiling find dangerous files whether or not any signature for them exists anywhere. Here is how the tools compare:
| Capability | PQ PDF Free · No account |
VirusTotal Free (account) · Online |
Hybrid Analysis Free (limited) · CrowdStrike |
Adobe Acrobat Pro ~$23/month |
MetaDefender OPSWAT · Paid |
|---|---|---|---|---|---|
| AV signature scanning | ✓ ClamAV 700k+ sigs | ✓ 70+ AV engines | ✓ CrowdStrike + partners | ✗ No AV scanning | ✓ 30+ AV engines |
| YARA rules (PDF-specific) | ✓ 24 custom PDF YARA rules | ⚠ Community rules, generic | ⚠ Generic YARA rules | ✗ No | ⚠ Limited, generic |
| Behavioral sandbox execution | ✓ 6 PDF renderers, isolated namespaces, strace | ⚠ General sandbox — not PDF-specific renderers | ✓ Good dynamic analysis, general sandbox | ✗ No sandbox | ⚠ Basic sandbox, limited PDF renderer coverage |
| PDF structural analysis (XRef, objects, streams) | ✓ 15 static engines built for PDF structure | ✗ AV engines scan bytes, not PDF structure | ✗ No structural PDF analysis | ✗ No structural analysis | ✗ No structural PDF analysis |
| JavaScript AST deobfuscation | ✓ Full AST deobfuscator + Acrobat API emulation | ✗ No | ⚠ Runtime observation only | ✗ No | ✗ No |
| XFA FormCalc parsing | ✓ Dedicated XFA parser engine | ✗ No | ✗ No | ✗ No | ✗ No |
| Signature forgery / Shadow Attack detection | ✓ ByteRange forensics engine | ✗ No | ✗ No | ✗ No | ✗ No |
| AcroForm exfiltration / hidden field analysis | ✓ Full field tree, SubmitForm targets, JS triggers | ✗ No | ✗ No | ✗ No | ✗ No |
| Six-parser differential comparison | ✓ MuPDF, Poppler, GS, qpdf, pdfminer, pdf.js | ✗ No | ✗ No | ✗ No | ✗ No |
| Machine learning anomaly detection | ✓ IsolationForest + RandomForest + LightGBM + SHAP | ✗ No | ✗ No | ✗ No | ✗ No |
| MITRE ATT&CK technique mapping | ✓ Every indicator mapped to technique IDs | ⚠ Some detections, not systematic | ✓ Good ATT&CK coverage | ✗ No | ⚠ Limited mapping |
| AI forensic narrative report | ✓ Self-hosted Qwen 2.5 — structured verdict + findings | ✗ No | ✗ No | ✗ No | ✗ No |
| File privacy / zero data retention | ✓ Deleted immediately, no external calls, no hashes shared | ✗ Files stored; hashes and reports are community-shared | ✗ Files stored; can be set private (paid only) | ✓ Local processing, file stays on your machine | ⚠ Enterprise tier offers private scanning |
| Offline threat intelligence | ✓ 6.4M+ indicators in local databases — zero external calls | ⚠ All queries sent to external services | ⚠ Online lookups | ✗ No threat intel | ⚠ Cloud-based lookups |
| Sanitize / clean the PDF | ✓ 9 methods: flatten-to-images, strip JS, remove XFA, PDF/A… | ✗ No | ✗ No | ✓ "Sanitize Document" removes active content | ⚠ Basic sanitization in some tiers |
| Cost | ✓ Free — no account required | ✓ Free with account (rate limited) | ✓ Free tier (limited submissions/day) | ✗ ~$23/month subscription | ✗ Paid — enterprise pricing |
The honest assessment: VirusTotal's 70+ AV engines are the best tool in existence for one specific question — "has this exact file been seen and named by the antivirus industry?" If you need community reputation across 70 vendors, use it. For everything else — detecting what a PDF does, finding zero-days, structural forensics, sanitization, MITRE ATT&CK mapping, and keeping your file private — PQ PDF does all of it, free, with no account required.
How the scanner works
All 44 Forensic Engines Explained
Every uploaded PDF passes through 44 independent analysis engines in a single request. Each engine is orthogonal — designed to catch a different class of threat that the others might miss. Results are correlated by a 45th synthesis layer that maps compound indicators to MITRE ATT&CK techniques.
Static Analysis — Structure & Byte Level
Engines 1–15
ENGINE 1
Structure Validator
Validates the PDF header, version declaration, cross-reference table, trailer dictionary, and byte offsets. Malformed structures are a hallmark of exploit kits that deliberately break parsers to hide objects.
ENGINE 2
Pattern Scanner
Byte-level search for dangerous PDF keywords:
/JavaScript, /JS, /Launch, /OpenAction, /AA, /EmbeddedFile, /RichMedia, /XFA, /AcroForm, heap spray constants, and shellcode sequences.ENGINE 3
Stream Inspector
Decompresses and inspects every stream object in the PDF. Computes per-stream entropy — high-entropy streams hidden inside otherwise clean documents are a strong indicator of encrypted payloads or steganographic content.
ENGINE 4
Object Analyzer
Traverses the full PDF object tree. Maps parent-child relationships, counts suspicious object types, identifies cross-reference anomalies (duplicate object numbers, phantom free entries), and enumerates all dictionary keys.
ENGINE 5
URL Extractor
Extracts all URIs from the PDF including hex-encoded, percent-encoded, and split/obfuscated variants. Flags
javascript:, data:, file://, and vbscript: schemes. All URLs are passed to the Threat Intelligence engine.ENGINE 6
Metadata Analyzer
Examines XMP and Info dictionary metadata: Creator, Producer, Author, creation date, modification date, and custom metadata keys. Detects exploit-kit fingerprints (Metasploit, msfvenom, Canvas, Core Impact) in tool identifiers.
ENGINE 7
Font Analyzer
Inspects every font object for non-standard encoding, oversized
/Widths arrays (historic heap-overflow vector), non-embedded fonts that trigger external font lookups, and suspicious glyph name mappings.ENGINE 8
CVE Pattern Matcher
Checks for
/JBIG2Decode (CVE-2009-0658), /JBIG2Globals exploit parameters, oversized /Widths arrays, and codec parameter combinations associated with heap-overflow and memory corruption CVEs in Adobe Reader and Foxit.ENGINE 9
Structural Statistics
Computes structural ratios: JavaScript-to-page ratio, stream-to-object ratio, compression diversity index, average object size, and entropy distribution. Statistically anomalous documents are flagged even without specific rule matches.
ENGINE 10
ExifTool Metadata Forensics
Runs ExifTool for deep metadata extraction that complements PyMuPDF's view. Independently confirms XFA form presence, surfaces embedded attachment flags, and detects creator/producer strings from known exploit-generation toolkits.
ENGINE 11
qpdf Structural Integrity
Runs
qpdf --check to validate cross-reference tables and trailer dictionaries from a second, independent parser. Intentionally malformed XRef tables are a hallmark of exploit kits designed to hide objects from basic parsers.ENGINE 12
YARA Rule Engine
Applies 24 custom YARA rules: heap-spray patterns (
%u9090, 0x0c0c), CVE-specific byte sequences (CVE-2009-0658, CVE-2024-41869, CVE-2024-45112), obfuscated JS loaders, XFA+script combos, Cobalt Strike beacon signatures, PowerShell encoded commands, and multi-layer encoder chains.ENGINE 13
PeePDF Deep Analysis
Independent analysis using the PeePDF framework — a completely separate parser that builds its own object tree independently of PyMuPDF. Provides a full second-opinion parse, locating vulnerability patterns with exact object IDs and identifying suspicious elements invisible to the primary parser.
ENGINE 14
ClamAV Signature Scanner
Runs the local ClamAV daemon against the file — 700,000+ signatures including the
Pdf.Exploit.* family covering CVE-2009-0927, CVE-2009-4324, and the Exploit.PDF-JS category. A ClamAV match means the file is a confirmed known threat.ENGINE 15
Polyglot Detection
Detects files that are simultaneously valid in two or more formats — a PDF that is also a valid ZIP, executable, or HTML file. Polyglot files are used to bypass content-type filters and exploit parser confusion vulnerabilities at file boundaries.
Dynamic Behavioral Analysis
Engine 16
ENGINE 16
Dynamic Behavioral Sandbox
The only engine that actually executes the PDF. Renders through six independent engines — Ghostscript (PostScript + JS interpreter), MuPDF, Poppler, LibreOffice Draw, Chromium PDFium (Chrome's engine — the most common modern viewer), and pdf.js/Node (Firefox engine) — each inside isolated Linux namespaces with its own network stack, PID space, and mount point. All syscalls captured by
strace. Detects: network beaconing, anonymous executable memory (shellcode), shell spawning, filesystem escape attempts, and process bombs. Static analysis sees structure; this engine sees what the PDF does.Machine Learning & Differential Parsing
Engines 17–18
ENGINE 17
ML Intelligence Engine
Extracts a 38-feature vector from all preceding engine outputs and applies three layers: Bayesian contextual scoring (dampens known-benign creator tools, amplifies exploit-kit fingerprints), IsolationForest anomaly detection (unsupervised, active from the first scan), and RandomForest + LightGBM classifiers with SHAP explainability. Reports top contributing features for each scan so analysts understand the ML verdict, not just the score.
ENGINE 18
Differential Parsing
Runs six independent PDF parsers — MuPDF (
mutool), Poppler, Ghostscript, qpdf, pdfminer, and pdf.js — and cross-compares eight structural dimensions: page count, object count, PDF version, JavaScript presence, encryption status, AcroForm presence, embedded file count, and OpenAction. Discrepancies mean the file exploits parser differences to hide objects — the signature of broken-xref exploit staging and incremental-update attacks.Threat Intelligence, JavaScript & Campaign Attribution
Engines 19–24
ENGINE 19
JS AST Deobfuscation
Parses embedded JavaScript to its abstract syntax tree, then applies symbolic simplification to undo
eval/unescape layers, string-split obfuscation, hexadecimal encoding, and multi-pass encoder chains. Surfaces the final deobfuscated payload for manual review.ENGINE 20
Threat Intelligence
Queries four fully offline local databases: URLhaus, MalwareBazaar, ThreatFox, and FeodoTracker + OpenPhish — 6.4M+ indicators including URLs, IPs, domains, file hashes, and botnet C2 addresses. Zero external API calls. All extracted URLs and IPs from the PDF are cross-referenced.
ENGINE 21
Signature Forensics
Analyses the PDF's digital signature (if present) using
ByteRange forensics. Detects Shadow Attacks — where a PDF displays a valid signature while concealing content outside the signed byte range — and verifies the signature covers the complete document.ENGINE 22
Phishing Detection
Combines regex heuristics with NLP analysis to detect credential-harvesting forms, QR codes pointing to phishing domains, brand impersonation (Microsoft, Adobe, DocuSign, DHL, PayPal), urgency language patterns, and deceptive URI display vs. actual destination mismatches.
ENGINE 23
Embedded File Analysis
Enumerates all embedded attachments. Identifies PE executables, ELF binaries, OLE compound documents, VBA macro files, ZIP archives, nested PDFs, and JavaScript files. Flags dangerous
/Launch actions that auto-execute embedded files on viewer interaction.ENGINE 24
Campaign Attribution
Computes a TLSH fuzzy hash of the PDF and compares it against previously scanned samples. Clusters similar files into malware families and named campaigns, reporting a similarity score and any known cluster associations. Reveals whether a file is a variant of a known threat.
PDF-Specific Deep Forensics
Engines 25–43
ENGINE 25
AcroForm Field Forensics
Enumerates every form field and analyses: JavaScript on
/A and /AA field events (focus, blur, keystroke, validate), hidden NoExport fields, password-type fields (credential harvesting), /SubmitForm exfiltration targets, and calculation-order chain exploitation across field objects.ENGINE 26
Document Revision History
Splits the PDF at each
%%EOF boundary and extracts per-revision metadata: author, producer, modification date, and changed/new/deleted object counts per revision. Detects author identity changes, execution vectors injected after original creation, and automated exploit staging via large final-revision object injections.ENGINE 27
Annotation Forensics
Examines every annotation object for dangerous action dictionaries:
javascript: URI schemes, JavaScript triggers on click/hover, /Launch actions that spawn programs, /GoToR remote links, and /SubmitForm in annotation actions — attack vectors completely invisible to byte-level scanners.ENGINE 28
Named Tree Analysis
Catalogues the full PDF action infrastructure: the Named JavaScript Registry (
/Names /JavaScript), /AA additional actions on page open/close/print/save, /OpenAction type classification, /DocMDP modification-prevention signatures that block sanitizers, and /Perms and /UR3 permission restriction exploitation.ENGINE 29
Content Stream Forensics
Inspects decompressed content streams for dangerous PostScript operators:
exec (dynamic execution), run (file execution), token (string-to-code eval), setpagedevice (PostScript-to-system bridge). Also detects malformed /ICCBased color profiles of anomalous size — the CVE-2021-21017 class of heap buffer overflows.ENGINE 30
Object Stream Analysis
PDF 1.5+ allows objects to be compressed into
/ObjStm containers — invisible to byte scanners. This engine decompresses every object stream and re-scans the content for JavaScript, Launch actions, EmbeddedFile references, and high-entropy payloads (entropy >7.5 bits) suggesting hidden encrypted content.ENGINE 31
PDF Token Obfuscation Decoder
Decodes hex-escaped PDF name tokens:
/J#61vaScript → /JavaScript, whitespace-split token injection, and null-byte injection in name objects. These bypass simple pattern matchers while remaining valid to the PDF renderer — a classic evasion technique found in real-world exploit kits.ENGINE 32
XFA FormCalc Parser
Extracts and parses XFA (XML Forms Architecture) streams including embedded FormCalc scripts. XFA-based attacks (CVE-2021 XFA class) are rarely covered by general-purpose scanners. Detects dangerous FormCalc function calls, script injection in XFA event handlers, and XFA-activated JavaScript triggers.
ENGINE 33
Action Dependency Graph
Maps the full chain of PDF actions:
/OpenAction → /AA → field actions → annotation triggers → named actions. Visualises multi-hop execution chains where a seemingly innocent trigger leads through a chain of named actions to a final exploit — invisible when examining any single action in isolation.ENGINE 34
OCG Layer Cloaking
Analyses Optional Content Groups (PDF layers). Malicious content — JavaScript, phishing text, embedded payloads, deceptive instructions — can be placed in a layer set to invisible by default, present in the file but never rendered to the user. This engine enumerates all layers and their visibility states, flagging hidden active content.
ENGINE 35
Unicode & Invisible Text Forensics
Detects text with rendering mode 3 (invisible — clips nothing, draws nothing) and mode 7 (clip only — used to silently position clickable areas). Flags RTL override characters (
U+202E) that reverse displayed filenames and URLs, and zero-width joiners used to split and reassemble malicious keywords.ENGINE 36
Trailer Chain Forensics
Analyses the chain of PDF trailer dictionaries across all incremental updates. Detects Shadow Attack variants where a second document is hidden in the byte gap between the end of the signed region and the actual EOF — allowing content replacement while preserving a valid digital signature.
ENGINE 37
Codec Parameter Validation
Validates stream filter parameters for exploit-relevant codecs:
/JBIG2Decode + /JBIG2Globals combinations (CVE-2009-0658 class), abnormally large /Columns and /Rows values in CCITT streams, and unusual parameter combinations in /CCITTFaxDecode and /DCTDecode filters associated with historic heap overflow exploits.ENGINE 38
Physical Entropy Topology
Maps byte-level entropy across the physical file in sliding windows, producing an entropy profile of the entire document. Locates encrypted or compressed regions at unexpected byte offsets, encrypted blobs appended after the nominal EOF, and entropy spikes that indicate hidden payload injection invisible to object-based analysis.
ENGINE 39
Image Steganography & Tracking Beacons
Runs LSB chi-square statistical analysis on raster images embedded in the PDF — elevated chi-square scores indicate LSB steganographic payload injection. Also detects tracking beacons: 1×1 pixel images with external URI references that phone home on document open, allowing attackers to confirm successful delivery without any explicit JavaScript.
ENGINE 40
PDF/A Compliance Fraud Detection
Checks whether a PDF claiming PDF/A or PDF/UA conformance (typically to pass corporate compliance filters) actually meets the standard. Documents falsely claiming archival conformance to bypass security gateways that whitelist "archival" formats are a known evasion technique.
ENGINE 41
JavaScript Behavioral Emulation
Executes embedded JavaScript in a sandboxed Acrobat API stub environment. Simulates the Acrobat object model (
app, this, util) to reveal what JavaScript does without a real viewer — catching payload assembly that requires runtime evaluation to surface.ENGINE 42
Font CharString Emulator
Emulates Type 1 and Type 2 font CharString programs (the bytecode embedded in font outlines) to detect
seac operator abuse (out-of-bounds glyph lookup), stack exhaustion via deeply nested subroutine calls, and arithmetic overflow patterns in CharString arithmetic — a class of font-engine exploits affecting all major PDF viewers.ENGINE 43
XRef Integrity Graph
Builds a complete cross-reference integrity graph and identifies: phantom objects (objects referenced in the XRef but absent from the file body), orphan sleepers (objects in the file body unreferenced by any XRef entry — hidden until a parser recovers them), and free-entry exploitation (objects with generation numbers manipulated to survive deletion).
Synthesis & AI Report
Engine 44 + AI
ENGINE 44
Correlation Engine
Evaluates 60+ compound patterns across all preceding engine outputs. Individual indicators may be low-risk in isolation — but
/OpenAction + embedded JavaScript + obfuscated URL + non-embedded font is a dangerous combination. The Correlation Engine awards bonus risk points (35–100) for such combinations and maps each compound pattern to MITRE ATT&CK technique IDs.AI REPORT
🤖 AI Forensic Report — Qwen 2.5
A self-hosted Qwen 2.5 model (running on a private GPU server — no third-party AI API) synthesises all 44 engine outputs into a structured verdict: threat classification, confidence level, key findings, MITRE ATT&CK technique grid, and recommended actions. Zero data leaves pqpdf.com infrastructure.
Risk assessment
How the Risk Score Works
Each indicator detected by any engine adds points based on its severity tier.
The Correlation Engine adds additional bonus points for dangerous indicator combinations — because a single
suspicious keyword is low-risk, but the combination of an /OpenAction, obfuscated JavaScript, and a known-malicious URL is definitively dangerous.
Severity tiers: Critical (+50 pts) · High (+25 pts) · Medium (+10 pts) · Low (+3 pts) — capped at 3 occurrences per indicator. Correlation Engine bonus: +35 to +100 points for dangerous compound patterns.
0
Clean
No indicators detected by any of the 44 engines.
1–14
Low Risk
Minor indicators only. Investigate before distribution.
15–54
Suspicious
Multiple indicators or one high-severity finding. Manual review recommended.
55+
Dangerous
Critical findings or dangerous indicator combinations. Do not open. Sanitize or discard.
Privacy & isolation
Your File Never Leaves Our Server
Uploading a potentially malicious PDF to an online scanner is only sensible if the scanner's security model is trustworthy. PQ PDF is designed around the principle that the scanner must be as safe to use as the file is dangerous.
Zero retention
The file is deleted from the server immediately after analysis completes. No copy, hash, or metadata is retained. No database entry of your file.
Four-layer isolation
Every analysis runs inside prlimit resource limits + AppArmor MAC policy + Linux user/mount/network/PID namespaces + private tmpfs. The file cannot escape its container.
Offline threat intelligence
All 6.4M+ threat indicators are stored in local PostgreSQL databases. No hash, URL, or byte from your file is transmitted to URLhaus, VirusTotal, or any external service.
Self-hosted AI
The AI report uses a Qwen 2.5 model hosted on a private GPU server. No content is sent to OpenAI, Anthropic, Google, or any third-party AI API.
No account required
No login, no email, no registration. There is no way to link a scan to a user identity because no identity is collected.
No tracking
No Google Analytics, no ad pixels, no third-party scripts. The CSP policy explicitly blocks all external script sources and third-party connections.
Common questions
Frequently Asked Questions
VirusTotal's 70+ engines are all signature-based — they can only identify threats that have already been catalogued. A zero-day exploit, a freshly obfuscated shellcode loader, or a novel attack pattern passes through clean because no signature exists for it yet. PQ PDF does not rely on prior knowledge. The behavioral sandbox catches what the PDF does — if it tries to beacon out, spawn a shell, or allocate executable memory, that is detected regardless of whether the payload is known. The ML IsolationForest flags structurally anomalous files without needing a prior example. Differential parsing across six independent parsers exposes hidden objects whether or not the content matches any known exploit. Entropy topology locates suspicious byte regions based on information-theoretic anomaly, not signatures. VirusTotal answers "has this file been seen before?" PQ PDF answers "what does this PDF actually do?" — including for threats no scanner has encountered yet.
Yes. Every file is processed in a four-layer isolated environment:
prlimit resource limits, AppArmor MAC policy (pqpdf-unshare profile), Linux user + mount + network + PID namespaces, and a private tmpfs mount. The behavioral sandbox adds another nested namespace with its own isolated network stack. The file is deleted immediately after analysis — no copy, hash, or metadata is retained.
No. All 44 engines run entirely on pqpdf.com infrastructure. The Threat Intelligence engine queries four local PostgreSQL databases containing 6.4M+ indicators — zero external API calls. ClamAV runs against a local signature database. The AI report uses a self-hosted Qwen 2.5 model on a private GPU server. No byte, hash, URL, or filename is transmitted to any third party.
JavaScript attacks: eval+unescape shellcode loaders, AST-deobfuscated payloads, heap spray sequences, Acrobat API exploitation.
CVE-specific exploits: CVE-2009-0658 (JBIG2 heap overflow), CVE-2024-41869 (use-after-free), CVE-2024-45112 (type confusion), and 20+ others via 24 custom YARA rules.
Form-based attacks: AcroForm credential harvesting, hidden fields, SubmitForm exfiltration, XFA FormCalc exploits.
Structural attacks: XRef Shadow Attacks (signature forgery), OCG layer cloaking, Unicode invisible text, polyglot files, PDF token obfuscation.
Behavioral threats: Anything that causes network beaconing, shell spawning, or executable memory allocation when the PDF is rendered — caught by the behavioral sandbox regardless of whether a static signature exists.
CVE-specific exploits: CVE-2009-0658 (JBIG2 heap overflow), CVE-2024-41869 (use-after-free), CVE-2024-45112 (type confusion), and 20+ others via 24 custom YARA rules.
Form-based attacks: AcroForm credential harvesting, hidden fields, SubmitForm exfiltration, XFA FormCalc exploits.
Structural attacks: XRef Shadow Attacks (signature forgery), OCG layer cloaking, Unicode invisible text, polyglot files, PDF token obfuscation.
Behavioral threats: Anything that causes network beaconing, shell spawning, or executable memory allocation when the PDF is rendered — caught by the behavioral sandbox regardless of whether a static signature exists.
Yes. After scanning, the Sanitize panel offers 9 removal methods: flatten to images (the most aggressive — rasterizes every page, producing a pixel-for-pixel PDF with zero active content whatsoever), strip JavaScript, remove embedded files, remove annotations, remove XFA forms, remove metadata, linearize, repair structure, and convert to PDF/A. For confirmed-dangerous files, flatten-to-images is the recommended method.
Hybrid Analysis and ANY.RUN sandbox files and map runtime behaviors to MITRE ATT&CK — PQ PDF does both of those too, running the PDF through six independent renderers with full syscall capture and mapping every indicator to ATT&CK technique IDs. The key difference is that those platforms stop at behavioral observation. PQ PDF additionally runs 43 other engines that answer different questions: what is the PDF's structure hiding? (differential parsing, XRef integrity, object stream analysis), what does the JavaScript actually do after unwrapping all obfuscation? (JS AST deobfuscation + Acrobat API emulation), is this structurally abnormal even without a known pattern? (ML IsolationForest anomaly detection), and does it contain a zero-day exploit embedded in a codec parameter or font CharString? — none of which require a prior signature. PQ PDF also sanitizes the file with 9 removal methods. The only thing those platforms offer that PQ PDF doesn't is a community database of previously submitted files. That is the only question PQ PDF cannot answer: "have other people uploaded this exact file before?"
Typically 15–45 seconds for a standard PDF. The behavioral sandbox (rendering through 6 engines) and the ML intelligence engine are the dominant costs. Very large PDFs or files with heavy JavaScript may take up to 90 seconds. The AI forensic report adds a few seconds. An animated engine strip shows each of the 44 passes completing in real time.
Scan Your PDF Now — Free
No account. No file size limit. Results in under a minute.
File deleted immediately. Zero data retained.
🔬 Open PDF Forensics Scanner
File deleted immediately. Zero data retained.