
All malicious PDF documents with JavaScript I’ve seen in the wild had an automatic action to launch the JavaScript without user interaction. /AA and /OpenAction indicate an automatic action to be performed when the page/document is viewed. Of course, you can also find JavaScript in PDF documents without malicious intent. Almost all malicious PDF documents that I’ve found in the wild contain JavaScript (to exploit a JavaScript vulnerability and/or to execute a heap spray). /JS and /JavaScript indicate that the PDF document contains JavaScript. Can I safely read the PDF after using the pdfid -d command? If possible, explain with simple examples.

Which of these (AA, ObjStm, XFA, etc.) are really dangerous? Yeah, I read here about the values of these items, but still don't know how to react to them. But antiviruses do not always find what's wrong, right? I also checked the file with VirusTotal, where it says that the file is clean. When checking the file via pdfid, I get this: PDF Header: %PDF-1.6
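
As an added example (not part of the original post and not pdfid's own code), the following Python counts the names discussed above in a PDF's raw bytes, decodes `#xx` hex escapes so an obfuscated `/J#61vaScript` is still counted, and flags the JavaScript plus automatic-action combination. The function names and the sample bytes are constructed for illustration.

```python
import re

# Names counted by this raw byte scan (the ones asked about in the post above).
KEYWORDS = ("/JS", "/JavaScript", "/AA", "/OpenAction", "/ObjStm", "/XFA")
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")  # a PDF name token
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")                  # #xx escape in a name

# Constructed sample: an /OpenAction pointing at a hex-obfuscated JavaScript action.
SAMPLE = (
    b"%PDF-1.6\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n"
    b"%%EOF\n"
)

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript becomes /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_keywords(data: bytes) -> dict:
    """Count each keyword among the name tokens found in the raw bytes."""
    counts = {k: 0 for k in KEYWORDS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def triage(counts: dict) -> list:
    """Turn the counts into findings; JavaScript plus auto-action ranks highest."""
    has_js = counts["/JS"] + counts["/JavaScript"] > 0
    has_auto = counts["/AA"] + counts["/OpenAction"] > 0
    findings = []
    if has_js and has_auto:
        findings.append("JavaScript with an automatic action: analyse before opening")
    elif has_js:
        findings.append("JavaScript present, no automatic action seen")
    elif has_auto:
        findings.append("automatic action present, no JavaScript seen")
    if counts["/ObjStm"]:
        findings.append("object streams present: names inside them are hidden from this scan")
    if counts["/XFA"]:
        findings.append("XFA form present")
    return findings

if __name__ == "__main__":
    result = count_keywords(SAMPLE)
    print(result)
    print(triage(result))
```

Zero counts from a scan like this do not clear a file that contains `/ObjStm`, because names stored inside compressed object streams are not visible in the raw bytes.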
