Malware Tracker Malware Tracker [static + dynamic analysis]

Login

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
513731703567d73093ee0f7426a26892 view report f2a01378dce94b65b0b9785ce22f79abf71bd56315f48f25aa86111068c8fd0f 903848 31 J      
1162.0@576926: suspicious.warning: object contains JavaScript
1203.0@586093: suspicious.warning: object contains JavaScript
1241.0@593741: suspicious.warning: object contains JavaScript
1279.0@601380: suspicious.warning: object contains JavaScript
1318.0@609130: suspicious.warning: object contains JavaScript
1356.0@616776: suspicious.warning: object contains JavaScript
1394.0@624665: suspicious.warning: object contains JavaScript
1432.0@632311: suspicious.warning: object contains JavaScript
1470.0@639957: suspicious.warning: object contains JavaScript
1508.0@647603: suspicious.warning: object contains JavaScript
1546.0@655510: suspicious.warning: object contains JavaScript
1584.0@663156: suspicious.warning: object contains JavaScript
1623.0@670915: suspicious.warning: object contains JavaScript
1661.0@678561: suspicious.warning: object contains JavaScript
1699.0@686481: suspicious.warning: object contains JavaScript
1737.0@694420: suspicious.warning: object contains JavaScript
1775.0@702340: suspicious.warning: object contains JavaScript
1813.0@709986: suspicious.warning: object contains JavaScript
1851.0@717632: suspicious.warning: object contains JavaScript
1889.0@725278: suspicious.warning: object contains JavaScript
1927.0@732926: suspicious.warning: object contains JavaScript
1965.0@740802: suspicious.warning: object contains JavaScript
2003.0@748448: suspicious.warning: object contains JavaScript
2041.0@756356: suspicious.warning: object contains JavaScript
2079.0@764002: suspicious.warning: object contains JavaScript
2117.0@771650: suspicious.warning: object contains JavaScript
2155.0@779299: suspicious.warning: object contains JavaScript
2193.0@787217: suspicious.warning: object contains JavaScript
2231.0@794872: suspicious.warning: object contains JavaScript
2269.0@802527: suspicious.warning: object contains JavaScript
2307.0@810182: suspicious.warning: object contains JavaScript
f79efc83b5cfc7ad48333f6ee63b4d8e view report f681bc0e0e4123f2f61103a8848cc37079b8a26d800bda9b2f25da9b49015a0c 934162 46 J      
6514.0@394310: suspicious.warning: object contains JavaScript
1123.0@692772: suspicious.warning: object contains JavaScript
1138.0@695385: suspicious.warning: object contains JavaScript
1147.0@697494: suspicious.warning: object contains JavaScript
1156.0@699603: suspicious.warning: object contains JavaScript
1165.0@701712: suspicious.warning: object contains JavaScript
1174.0@703825: suspicious.warning: object contains JavaScript
1183.0@705936: suspicious.warning: object contains JavaScript
1217.0@714522: suspicious.warning: object contains JavaScript
1249.0@722936: suspicious.warning: object contains JavaScript
1282.0@731467: suspicious.warning: object contains JavaScript
1314.0@739884: suspicious.warning: object contains JavaScript
1323.0@741995: suspicious.warning: object contains JavaScript
1332.0@744106: suspicious.warning: object contains JavaScript
1341.0@746217: suspicious.warning: object contains JavaScript
1350.0@748328: suspicious.warning: object contains JavaScript
1359.0@750420: suspicious.warning: object contains JavaScript
1368.0@752534: suspicious.warning: object contains JavaScript
1377.0@754645: suspicious.warning: object contains JavaScript
1409.0@763051: suspicious.warning: object contains JavaScript
1418.0@765161: suspicious.warning: object contains JavaScript
1427.0@767275: suspicious.warning: object contains JavaScript
1436.0@769386: suspicious.warning: object contains JavaScript
1445.0@771497: suspicious.warning: object contains JavaScript
1454.0@773608: suspicious.warning: object contains JavaScript
1463.0@775722: suspicious.warning: object contains JavaScript
1472.0@777833: suspicious.warning: object contains JavaScript
1481.0@779944: suspicious.warning: object contains JavaScript
1490.0@782054: suspicious.warning: object contains JavaScript
1499.0@784165: suspicious.warning: object contains JavaScript
1508.0@786278: suspicious.warning: object contains JavaScript
1517.0@788387: suspicious.warning: object contains JavaScript
1526.0@790498: suspicious.warning: object contains JavaScript
1535.0@792608: suspicious.warning: object contains JavaScript
1544.0@794719: suspicious.warning: object contains JavaScript
1576.0@803123: suspicious.warning: object contains JavaScript
1608.0@811533: suspicious.warning: object contains JavaScript
1617.0@813629: suspicious.warning: object contains JavaScript
1626.0@815737: suspicious.warning: object contains JavaScript
1635.0@817851: suspicious.warning: object contains JavaScript
1644.0@819957: suspicious.warning: object contains JavaScript
1662.0@822792: suspicious.warning: object contains JavaScript
1694.0@831206: suspicious.warning: object contains JavaScript
1703.0@833319: suspicious.warning: object contains JavaScript
1712.0@835432: suspicious.warning: object contains JavaScript
1721.0@837545: suspicious.warning: object contains JavaScript
6f49c3cd83e2ec9a09b397844f2f0aeb view report signal_sigsegv_f4716324_2848_2913.pdf 267121 13 J      
3.0@5488: suspicious.javascript in XFA block
3.0@5488: suspicious.obfuscation toString
3.0@5488: suspicious.warning: object contains JavaScript
93.0@70391: suspicious.warning: object contains JavaScript
94.0@71754: suspicious.warning: object contains JavaScript
95.0@72705: suspicious.warning: object contains JavaScript
38dcbc812750e59acd77acda59ef478d view report 2f264e91a9cfcde76c2debb67ce438f3f6c11e684e4df064a9789740f3fcf711 246823 2        
0.0@242017: suspicious.obfuscation using eval
0.0@242017: suspicious.obfuscation using String.fromCharCode
-1.-1@242088: suspicious.warning: end of file contains content
714225957902decd962cb91397fc4dfa view report 2cfcad9450d37a80ba9bf3c6aaebfa1bad14d855d655f3b5f422a29726c4399a 60648 6     P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
23.0@59672: pdf.exploit execute EXE file
23.0@59672: pdf.exploit access system32 directory
23.0@59672: pdf.exploit execute action command
23.0@59672: pdf.execute exe file
23.0@59672: pdf.execute access system32 directory
0c891ed119d6b8fd94a3e1e75ae4e194 view report c11a68440e1a3e070f3a76ba1e887c608aff4e633985557a54d95772f621a92f 451568 37 J      
48.0@850: suspicious.warning: object contains JavaScript
49.0@1327: suspicious.warning: object contains JavaScript
50.0@1673: suspicious.warning: object contains JavaScript
3.0@4774: suspicious.obfuscation using charCodeAt
3.0@4774: suspicious.obfuscation using eval
3.0@4774: suspicious.javascript in XFA block
3.0@4774: suspicious.obfuscation toString
3.0@4774: suspicious.obfuscation using substr
3.0@4774: suspicious.obfuscation using String.replace
3.0@4774: suspicious.obfuscation using substring
3.0@4774: suspicious.obfuscation using app.setTimeOut to eval code
3.0@4774: suspicious.warning: object contains JavaScript
585af4bdb8f94365c7c54a3805d44a5e view report 72c443413238fa97a60b5eb05b6f8beeffc4070ee731d26991f83e50b6345ec3 13458 7 J      
43.0@11370: suspicious.javascript in XFA block
43.0@11370: suspicious.warning: object contains JavaScript
d90870aa2ebaa565ed1f4631a365f7d6 view report a8ee14131a47e7c1c24b290965dff83f7aa204b34ebe1aa256d7148d0edac4be 13475 7 J      
43.0@11370: suspicious.javascript in XFA block
43.0@11370: suspicious.warning: object contains JavaScript
3be05139ce256167c3d94753da953b6a view report 8e97d523b863d2e438a9f276f51eb12453b97eea21b9fc92680730c1490f621d 13490 7 J      
43.0@11370: suspicious.javascript in XFA block
43.0@11370: suspicious.warning: object contains JavaScript
c3883ef588622dd39f7ff51529d994ba view report 503ed26a88609acc0f12fe23b1fbb43d7a89517c96a6bf933ffb4f07708841eb 45878 26 J      
10.0@1012: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41438: suspicious.obfuscation using unescape
12.0@41438: suspicious.obfuscation using substring
12.0@41438: suspicious.string heap spray shellcode
12.0@41438: suspicious.string shellcode
12.0@41438: suspicious.warning: object contains JavaScript
5679705293fcc683029c43d66876e1b4 view report 9c354659b166d06f64687ece99150d77abc70fda02a64a734f9b17d17a303ba7 3089 29 J      
1.0@33: suspicious.warning: object contains JavaScript
13.0@857: suspicious.obfuscation using unescape
13.0@857: suspicious.obfuscation using charCodeAt
13.0@857: suspicious.obfuscation toString
13.0@857: suspicious.obfuscation using String.replace
13.0@857: suspicious.obfuscation using substring
13.0@857: suspicious.warning: object contains JavaScript
56fd63915576436d6175769af99b7ac8 view report 74c1c772aa2e2d8f3a668d0bd7fdb0e418595e80724b499f5e7cf9d6bb5aac31 3083 29 J      
1.0@33: suspicious.warning: object contains JavaScript
13.0@860: suspicious.obfuscation using unescape
13.0@860: suspicious.obfuscation using charCodeAt
13.0@860: suspicious.obfuscation toString
13.0@860: suspicious.obfuscation using String.replace
13.0@860: suspicious.obfuscation using substring
13.0@860: suspicious.warning: object contains JavaScript
4ffbf54019768718f4bb6bab70f805db view report 9e7164c14ec8f9bcd4f65d273a34d021f6a4668be46ec68c726202afdf22f99a 3086 29 J      
1.0@33: suspicious.warning: object contains JavaScript
13.0@859: suspicious.obfuscation using unescape
13.0@859: suspicious.obfuscation using charCodeAt
13.0@859: suspicious.obfuscation toString
13.0@859: suspicious.obfuscation using String.replace
13.0@859: suspicious.obfuscation using substring
13.0@859: suspicious.warning: object contains JavaScript
4d357f33ea8f7f89371c86bbee2eb339 view report 7faff9a65c736f0e4b3eb212d472d8484c8134f91da31367364895dc02441cfb 3096 29 J      
1.0@33: suspicious.warning: object contains JavaScript
13.0@863: suspicious.obfuscation using unescape
13.0@863: suspicious.obfuscation using charCodeAt
13.0@863: suspicious.obfuscation toString
13.0@863: suspicious.obfuscation using String.replace
13.0@863: suspicious.obfuscation using substring
13.0@863: suspicious.warning: object contains JavaScript
4c1d24c287f094a75b13ac0bd9a6ac52 view report 9878a1f5ed54815a5183e83f246311b4f61e7d7e0a4e46aa4ea3e47e07bbd8e4 3109 29 J      
1.0@33: suspicious.warning: object contains JavaScript
13.0@864: suspicious.obfuscation using unescape
13.0@864: suspicious.obfuscation using charCodeAt
13.0@864: suspicious.obfuscation toString
13.0@864: suspicious.obfuscation using String.replace
13.0@864: suspicious.obfuscation using substring
13.0@864: suspicious.warning: object contains JavaScript