Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 | filename | size | severity | js | flash | embed | encrypt
935083fcc85e5c2307dc282825d5e815 view report afcebcf9fd4291e3f078503cfae6d61d5761c75273a60de9d573d6db52c20e09 306400 6        
0.0@302473: suspicious.obfuscation using charCodeAt
0.0@302473: suspicious.obfuscation toString
0.0@302473: suspicious.obfuscation using String.fromCharCode
0.0@302473: suspicious.obfuscation using String.replace
0.0@302473: suspicious.obfuscation using substring
-1.-1@302544: suspicious.warning: end of file contains content
39d69cc011baf8216c28cf460560b461 view report e0871a0dbda0996b5f1b16bcf077716880ae8e198832c44cdfe62055b255e52c 244755 6        
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content
4aa4ffb4ee7c2023ec134ee69f855eb4 view report 449cfa6ee5952f124d7e5d122405e55be9dcab16f89f23cf08921f00d78c12f1 306400 6        
0.0@302473: suspicious.obfuscation using charCodeAt
0.0@302473: suspicious.obfuscation toString
0.0@302473: suspicious.obfuscation using String.fromCharCode
0.0@302473: suspicious.obfuscation using String.replace
0.0@302473: suspicious.obfuscation using substring
-1.-1@302544: suspicious.warning: end of file contains content
a767ed7eef64798d56ea64916a065304 view report 107060bcccff76877f35e1d5d96e79c3f0216054882b54b98e889828f4949bb4 1042019 8 J      
524.0@671902: suspicious.obfuscation getAnnots access blocks
524.0@671902: suspicious.warning: object contains JavaScript
527.0@675007: suspicious.embedded OLE document header
winrar_sfx
0af0fadf394c9e7a22685ce7f4c6f2b4 view report c98f7f666e3993fbaf011bd524e37ba2e8590a553c704193feb57df1b92bcdd5 50218 15 J      
30.0@9090: suspicious.warning: object contains JavaScript
31.0@9567: suspicious.warning: object contains JavaScript
32.0@9913: suspicious.warning: object contains JavaScript
74.0@42378: suspicious.javascript in XFA block
74.0@42378: suspicious.obfuscation using substring
74.0@42378: suspicious.warning: object contains JavaScript
4ad3a22e7fbceb1403a3526a0ab47316 view report 6d7dd6d8ed41b91779dd13abbc043c27b0e577ae7fcd2da336f16b9318556313 7506 49 J      
6.0@419: suspicious.obfuscation using unescape
6.0@419: suspicious.obfuscation using substring
6.0@419: pdf.exploit util.printf CVE-2008-2992
6.0@419: suspicious.warning: object contains JavaScript
40356faa621a8418a648a927b7dab202 view report 82c82defb519870b1bd6ba9f3a24c8531c06f19605ce9427107fd2bd6092f396 46347 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45109: suspicious.warning: object contains JavaScript
10.0@45216: pdf.exploit execute EXE file
10.0@45216: pdf.exploit access system32 directory
10.0@45216: pdf.exploit execute action command
10.0@45216: pdf.execute exe file
10.0@45216: pdf.execute access system32 directory
f0a80f7ac20e6b650e4afd5a681b4104 view report e36b4406e8e4a3ac2172611c860eac9af8c18233a4d14a881adb2a0ba46c04da 244755 6        
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content
ddf96fbf333114a7958522d2693a6e44 view report cedee82eb9c445a8a5d528a06f18127bf0df82e0550f40d6912cd694500cc0ac 248765 6        
0.0@244838: suspicious.obfuscation using charCodeAt
0.0@244838: suspicious.obfuscation toString
0.0@244838: suspicious.obfuscation using String.fromCharCode
0.0@244838: suspicious.obfuscation using String.replace
0.0@244838: suspicious.obfuscation using substring
-1.-1@244909: suspicious.warning: end of file contains content
ea35b5329e8509c0e83caeda3f307455 view report 644108f70436b04cdeede969c10925af48ab063011fdf34db9ab89fd8f4f2319 244755 6        
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content
e803809d509be4d639833339b1dd2969 view report 66912638a20427afec2d6138023060026ebe5454a45d38cf4a0c64e5edcfa134 248765 6        
0.0@244838: suspicious.obfuscation using charCodeAt
0.0@244838: suspicious.obfuscation toString
0.0@244838: suspicious.obfuscation using String.fromCharCode
0.0@244838: suspicious.obfuscation using String.replace
0.0@244838: suspicious.obfuscation using substring
-1.-1@244909: suspicious.warning: end of file contains content
e838b5ef6dc236499e9b29c13f4e65dc view report d2a436104545e907873d89102606e7befec3010011934120c26ced1dc5e8f6f8 244755 6        
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content
ebc9f69e59f82dbdbe53fcc27f1cee80 view report a18b75702cb12a1e5f5b89c852b178cc67c8a7ccc3b6df73d945a42d09d605e2 244755 6        
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content
e0da4a02c18de5f2d88d711583e0c359 view report 6abdbd21ec232ef552da639ef063d965d1da288500ebcabc8b5bd64d37222fe0 248765 6        
0.0@244838: suspicious.obfuscation using charCodeAt
0.0@244838: suspicious.obfuscation toString
0.0@244838: suspicious.obfuscation using String.fromCharCode
0.0@244838: suspicious.obfuscation using String.replace
0.0@244838: suspicious.obfuscation using substring
-1.-1@244909: suspicious.warning: end of file contains content
f06d66f88d556653e675030ded4338d7 view report d8aba0162d0b2855f344d8d68111b0f4cd3edb45df95a37d50c5317f63e32f2a 244755 6        
0.0@240828: suspicious.obfuscation using charCodeAt
0.0@240828: suspicious.obfuscation toString
0.0@240828: suspicious.obfuscation using String.fromCharCode
0.0@240828: suspicious.obfuscation using String.replace
0.0@240828: suspicious.obfuscation using substring
-1.-1@240899: suspicious.warning: end of file contains content