Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
c55f02fd141b72ffc3cc081575bca17d view report 704002c9f7f38a755ff7b18221c92c1bbfdc7b78d8141968c04c4fd8bb2c2904 5895 20 J      
1.0@15: suspicious.obfuscation using unescape
1.0@15: suspicious.obfuscation using substring
1.0@15: suspicious.warning: object contains JavaScript
6.0@4685: suspicious.warning: object contains JavaScript
3ce78bc2c153cfd2ac2021212c48847e view report ce7b2309092f02e177d78c67689d127e3a1fac1b430ad33e253cbb004f20e288 25640 82 J      
5.0@373: suspicious.obfuscation using unescape
5.0@373: suspicious.obfuscation using substring
5.0@373: suspicious.string Shellcode NOP sled
5.0@373: pdf.exploit Collab.getIcon CVE-2009-0927
5.0@373: suspicious.warning: object contains JavaScript
1e89900da691c0e8c08f35c1c1865cc4 view report 1a8dd32ea7caaec03586af23be354942648b2e975e38b7acd67b5bcce6ac37a6 45829 28 J      
8.0@741: suspicious.warning: object contains JavaScript
10.0@1048: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41490: suspicious.obfuscation using unescape
12.0@41490: suspicious.obfuscation using substring
12.0@41490: suspicious.string heap spray shellcode
12.0@41490: suspicious.string shellcode
12.0@41490: suspicious.warning: object contains JavaScript
14.0@45045: suspicious.warning: object contains JavaScript
d9857dae1ac9f5ce58b409c9c20d5b3e view report 4ab040068aed725e325fbb2c096cce5d088e221c46c955c1762cbe76e6d1e86f 10649 30        
1.0@17: pdf.exploit TIFF overflow CVE-2010-0188
79992017559e046760c5a6f6771975ed view report 0b47a236f040df066982e4b6194390e5c924fb0576e345dbc016929ade3a8088 46028 28 J      
8.0@731: suspicious.warning: object contains JavaScript
10.0@1014: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41454: suspicious.obfuscation using unescape
12.0@41454: suspicious.obfuscation using substring
12.0@41454: suspicious.string heap spray shellcode
12.0@41454: suspicious.string shellcode
12.0@41454: suspicious.warning: object contains JavaScript
14.0@45244: suspicious.warning: object contains JavaScript
d3c2b86b4799317a069ee8ac901b2da8 view report e8c9c89dae40d68c7f85f3a5ac801683bb8f5ddab62acde1299fb4a97571ba4c 6573 19 J      
6.0@554: suspicious.obfuscation using unescape
6.0@554: suspicious.obfuscation using substring
6.0@554: suspicious.warning: object contains JavaScript
8ecdeceab776e74453b04bca443dae30 view report 27fa3ceaa8f02f4bc4a1c59e33968ac15fef5e7da6ccfad2f91a5e83f648bb4b 244032 8 J      
9.0@207026: suspicious.warning: object contains JavaScript
15.0@233842: suspicious.warning: object contains JavaScript
0.0@240105: suspicious.obfuscation using charCodeAt
0.0@240105: suspicious.obfuscation toString
0.0@240105: suspicious.obfuscation using String.fromCharCode
0.0@240105: suspicious.obfuscation using String.replace
0.0@240105: suspicious.obfuscation using substring
-1.-1@240176: suspicious.warning: end of file contains content
48586c63253348e494c1b2006c5839d4 view report 3e8a06e7017f09e1b53cff5854eac175d8896581c014b657e149a79ec6f7eeae 814695 7     P  
426.0@769063: suspicious.pdf embedded PDF file
426.0@769063: suspicious.warning: object contains embedded PDF
427.0@813364: suspicious.javascript object
428.0@813504: pdf.exploit execute EXE file
428.0@813504: pdf.exploit access system32 directory
428.0@813504: pdf.exploit execute action command
428.0@813504: pdf.execute exe file
428.0@813504: pdf.execute access system32 directory
797ccfe0249e9e2d242403e2e0cd5d22 view report 4c2e6bfcae491f357c1b0f441962c791ec9942bed545b4e6aa5b806311efb796 6764 52 J      
6.0@427: suspicious.obfuscation using unescape
6.0@427: suspicious.obfuscation using substring
6.0@427: suspicious.string Shellcode NOP sled
6.0@427: pdf.exploit util.printf CVE-2008-2992
6.0@427: suspicious.warning: object contains JavaScript
9096d7721b9b2229535afbcd89a44382 view report 47747766c18a8e9d7da64d85acc829d97c9b171a5aa228d7f4b7c632d9ca675b 6969 49 J      
6.0@417: suspicious.obfuscation using unescape
6.0@417: suspicious.obfuscation using substring
6.0@417: pdf.exploit util.printf CVE-2008-2992
6.0@417: suspicious.warning: object contains JavaScript
908293b84f25c61aa031259570946286 view report 45307e0e9e822259ee1330a26b015087d4c053f9c3e007a444664cbefc8aaa75 6816 49 J      
6.0@423: suspicious.obfuscation using unescape
6.0@423: suspicious.obfuscation using substring
6.0@423: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
6.0@423: suspicious.warning: object contains JavaScript
ed329f1784e209fb31074529891fa7e2 view report df7486716f8a63255a415a1bb0f7c97a0650d8c68eb06f8eaf75b57f92f3ca72 6802 49 J      
6.0@413: suspicious.obfuscation using unescape
6.0@413: suspicious.obfuscation using substring
6.0@413: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
6.0@413: suspicious.warning: object contains JavaScript
54bb6a5d1b01f5fc4e1ca872ce3b2423 view report e6f6fee37eaff676a10c8fd26ac2f61ca5ddc5a7ca64b349575daa56a62078cf 46296 8 J   P  
4.0@373: suspicious.warning: object contains JavaScript
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45058: suspicious.javascript object
10.0@45165: pdf.exploit execute EXE file
10.0@45165: pdf.exploit access system32 directory
10.0@45165: pdf.exploit execute action command
10.0@45165: pdf.execute exe file
10.0@45165: pdf.execute access system32 directory
55f2117d2765eab81866e55bc3e70cb5 view report b6e850dd07f86f772af741eb966c631c3dc201c56eec8fea615e3b91f17b428f 14691 8 J      
43.0@11817: suspicious.obfuscation using substr
43.0@11817: suspicious.javascript in XFA block
43.0@11817: suspicious.warning: object contains JavaScript
45.0@13164: suspicious.warning: object contains JavaScript
fdc90a98990c6126af15da5e7b1a27b8 view report 48334230863c046ed57dfe51a260d76dd2c05b0583ad8b20241856bfb3f885bf 247622 4 J      
11.0@209742: suspicious.warning: object contains JavaScript
17.0@236559: suspicious.warning: object contains JavaScript
0.0@242816: suspicious.obfuscation using eval
0.0@242816: suspicious.obfuscation using String.fromCharCode
-1.-1@242887: suspicious.warning: end of file contains content