Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5  filename  size  severity  js  flash  embed  encrypt
57be7b7b3889d925721ccecd9b27f330 008f4db9455b5c0ef61069193c69d7025975be2df3a12c075a00b063264148e2:template.pdf: 60445 7 J   P
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59365: suspicious.warning: object contains JavaScript
23.0@59469: pdf.exploit execute EXE file
23.0@59469: pdf.exploit access system32 directory
23.0@59469: pdf.exploit execute action command
23.0@59469: pdf.execute exe file
23.0@59469: pdf.execute access system32 directory
cc929a0d339aee89115f6120974cc0a0 b05a79f882044ff7e7ac20a389ad9099e7ce9b79deeefb26f53c31f410f60502:b05a79f882044ff7e7ac20a389ad9099e7ce9b79deeefb26f53c31f410f60502.pdf: 1934 17 J
5.0@125: suspicious.obfuscation using unescape
5.0@125: suspicious.obfuscation toString
5.0@125: suspicious.obfuscation using String.fromCharCode
5.0@125: suspicious.warning: object contains JavaScript
885997d020e19380c2353536ff2eceb4 b7030ca8f71d8cd6c23de8bfe7af5e1b147b4596e483d65a22d17e31d408eee6:Review Offer.pdf: 28409 2
17.0@23432: suspicious.embedded external content
19.0@23671: suspicious.embedded external content
7c1997a15e0a01246682f914c808b56a e58ccd084d0eb115173e4ac10a6b33f506b952aa20b9bd426c42ccfc41b025f5:template.pdf: 60371 7 J   P
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59291: suspicious.warning: object contains JavaScript
23.0@59395: pdf.exploit execute EXE file
23.0@59395: pdf.exploit access system32 directory
23.0@59395: pdf.exploit execute action command
23.0@59395: pdf.execute exe file
23.0@59395: pdf.execute access system32 directory
02cfb075752be3116ad31a4181e85375 5211dc0a42e0c7ac6d29d20a958530e6c111e713930732e4366c2c2d7e7e8cc1:template.pdf: 60285 7 J   P
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59205: suspicious.warning: object contains JavaScript
23.0@59309: pdf.exploit execute EXE file
23.0@59309: pdf.exploit access system32 directory
23.0@59309: pdf.exploit execute action command
23.0@59309: pdf.execute exe file
23.0@59309: pdf.execute access system32 directory
53e4f0fe5ee49edd866d0c8a3c6d4e7d 5a3a82908fce063b972388de9529763aa02c75b64c8f4c39e8a02f2b4e576486:entrepreneurship-theory-process-and-practice.pdf: 95992 25
6.0@79680: suspicious.embedded external content
7.0@79960: suspicious.embedded external content
8.0@80235: suspicious.embedded external content
9.0@80817: suspicious.embedded external content
10.0@81102: suspicious.embedded external content
11.0@81547: suspicious.embedded external content
12.0@81829: suspicious.embedded external content
13.0@82111: suspicious.embedded external content
14.0@82621: suspicious.embedded external content
15.0@82987: suspicious.embedded external content
16.0@83263: suspicious.embedded external content
17.0@83710: suspicious.embedded external content
18.0@84202: suspicious.embedded external content
19.0@84634: suspicious.embedded external content
20.0@85072: suspicious.embedded external content
21.0@85516: suspicious.embedded external content
22.0@85801: suspicious.embedded external content
23.0@86260: suspicious.embedded external content
24.0@86677: suspicious.embedded external content
25.0@87259: suspicious.embedded external content
26.0@87685: suspicious.embedded external content
27.0@88108: suspicious.embedded external content
28.0@88381: suspicious.embedded external content
29.0@88795: suspicious.embedded external content
30.0@89068: suspicious.embedded external content
690aebac2e970ab476d23b136d82f904 cdd2eade8257fa97574d943236ac2c942213ce8f9811efa6965709106d98bd5a:kody_na_stalker_dolina_shorokhov.pdf: 352984 1
6.0@359: block size over 10MB
e8962734d21a0b1e0ad15c7a96a8173e 740184feb35e057b22e0418a953638e4e4a589ad7aa7ec60ba1b72d2905b2164:Q3.3_BWW_A_1001_V_07_08_Germany_17_08_2017 (Failed).pdf: 599752 25 J
1923.0@1256: suspicious.warning: object contains JavaScript
1924.0@1598: suspicious.obfuscation using eval
1924.0@1598: suspicious.obfuscation toString
1924.0@1598: suspicious.obfuscation using String.replace
1924.0@1598: suspicious.warning: object contains JavaScript
1925.0@2166: suspicious.obfuscation using unescape
1925.0@2166: suspicious.obfuscation using eval
1925.0@2166: suspicious.obfuscation toString
1925.0@2166: suspicious.obfuscation using String.fromCharCode
1925.0@2166: suspicious.obfuscation using String.replace
1925.0@2166: suspicious.warning: object contains JavaScript
0a533c2a098b202f3ee7cd99f19e5095 6c0f02ad5b1a54462d7917371f798c437b850a56b9cc2efc041cd3997630b846:Human Resource Management - MGT501 Handouts.pdf: 4329836 4
940.0@1983420: suspicious.embedded OLE document header
7042c5bdfe1eaf7296c91b12bd65e9ce b4c2d1a60145fa107466a714dabfcb5cde914251d163a930d378af8518800ea1:MOrcmKR0Vh.pdf: 7365 22 J
6.0@578: suspicious.obfuscation using unescape
6.0@578: suspicious.obfuscation using substring
6.0@578: suspicious.string Shellcode NOP sled
6.0@578: suspicious.warning: object contains JavaScript
096447a155305371071270e22fc026ae 3d91565df01cf095e9f1ab352924ad1173ef32125acd2022d0587669a426e4a2:rmtoo7.pdf: 404938 4
5.0@398105: suspicious.embedded external content
6.0@398401: suspicious.embedded external content
7.0@398697: suspicious.embedded external content
8.0@398995: suspicious.embedded external content
8cd55d2c44baef85c1f5ac04e35f7359 81458a4627c7ac7987414d16a2addb31f0a476e5791218dc6bd49722cfc7755d:decoded.pdf: 12980 12 J
8.0@181: suspicious.javascript in XFA block
8.0@181: suspicious.obfuscation using substr
8.0@181: suspicious.warning: object contains JavaScript
14fd00d8176eeaf2f7b0b78a3b2af5df 901dff84be5fa8d0ef9f5f80db3f76816236bf489fbd129dd993521e2fa946e3:901dff84be5fa8d0ef9f5f80db3f76816236bf489fbd129dd993521e2fa946e3: 405508 9 J
1.0@1015: suspicious.obfuscation using charCodeAt
1.0@1015: suspicious.javascript in XFA block
1.0@1015: suspicious.obfuscation using String.fromCharCode
1.0@1015: suspicious.obfuscation using substring
1.0@1015: suspicious.string -shellcode-
1.0@1015: block size over 10MB
1.0@1015: suspicious.warning: object contains JavaScript
177044ab773862fd3f3a5d232705f8da 19193bcd7ba6f45287dccb2f1bc11823c5040d0dde19696ef789bddd69169288:Commercial Invoice.pdf: 405510 9 J
1.0@1015: suspicious.obfuscation using charCodeAt
1.0@1015: suspicious.javascript in XFA block
1.0@1015: suspicious.obfuscation using String.fromCharCode
1.0@1015: suspicious.obfuscation using substring
1.0@1015: suspicious.string -shellcode-
1.0@1015: block size over 10MB
1.0@1015: suspicious.warning: object contains JavaScript
80dcab140daab41da44ddf4fcdee1ed5 711ff31daabbbe6d1670e70b83e9af51d2dd36c76b724487613244c74bc98e8b:ID931.pdf: 1978099 163 J     E
3881.0@2553: suspicious.warning: object contains JavaScript
3882.0@3395: suspicious.warning: object contains JavaScript
3883.0@4045: suspicious.warning: object contains JavaScript
3884.0@4535: suspicious.warning: object contains JavaScript
3885.0@5041: suspicious.obfuscation using charCodeAt
3885.0@5041: suspicious.warning: object contains JavaScript
3886.0@5451: suspicious.obfuscation using String.fromCharCode
3886.0@5451: suspicious.obfuscation using substring
3886.0@5451: suspicious.warning: object contains JavaScript
3887.0@5717: suspicious.warning: object contains JavaScript
3888.0@6639: suspicious.warning: object contains JavaScript
3889.0@6937: suspicious.warning: object contains JavaScript
3890.0@9636: suspicious.warning: object contains JavaScript
3891.0@9982: suspicious.warning: object contains JavaScript
3892.0@10856: suspicious.warning: object contains JavaScript
3893.0@11202: suspicious.obfuscation using substring
3893.0@11202: suspicious.warning: object contains JavaScript
3894.0@11644: suspicious.warning: object contains JavaScript
3895.0@12198: suspicious.obfuscation using substring
3895.0@12198: suspicious.warning: object contains JavaScript
3896.0@12832: suspicious.warning: object contains JavaScript
3897.0@13594: suspicious.warning: object contains JavaScript
3898.0@13876: suspicious.obfuscation using charCodeAt
3898.0@13876: suspicious.warning: object contains JavaScript
3899.0@14238: suspicious.warning: object contains JavaScript
3900.0@14600: suspicious.warning: object contains JavaScript
3901.0@15186: suspicious.obfuscation using charCodeAt
3901.0@15186: suspicious.warning: object contains JavaScript
3902.0@15484: suspicious.obfuscation using charCodeAt
3902.0@15484: suspicious.obfuscation using substr
3902.0@15484: suspicious.warning: object contains JavaScript
3903.0@15894: suspicious.warning: object contains JavaScript
3904.0@16272: suspicious.obfuscation using charCodeAt
3904.0@16272: suspicious.obfuscation using substring
3904.0@16272: suspicious.warning: object contains JavaScript
3905.0@17050: suspicious.obfuscation using charCodeAt
3905.0@17050: suspicious.obfuscation using String.fromCharCode
3905.0@17050: suspicious.warning: object contains JavaScript
3906.0@17380: suspicious.obfuscation using charCodeAt
3906.0@17380: suspicious.warning: object contains JavaScript
3907.0@17774: suspicious.obfuscation using charCodeAt
3907.0@17774: suspicious.warning: object contains JavaScript
3908.0@18184: suspicious.obfuscation using charCodeAt
3908.0@18184: suspicious.obfuscation using substr
3908.0@18184: suspicious.warning: object contains JavaScript
3909.0@18594: suspicious.obfuscation using substring
3909.0@18594: suspicious.warning: object contains JavaScript
3910.0@19420: suspicious.obfuscation using charCodeAt
3910.0@19420: suspicious.warning: object contains JavaScript
3911.0@19702: suspicious.obfuscation using charCodeAt
3911.0@19702: suspicious.warning: object contains JavaScript
3912.0@20208: suspicious.obfuscation using substring
3912.0@20208: suspicious.warning: object contains JavaScript
3913.0@20826: suspicious.warning: object contains JavaScript
3914.0@21092: suspicious.obfuscation using charCodeAt
3914.0@21092: suspicious.warning: object contains JavaScript
3956.0@36366: suspicious.obfuscation using charCodeAt
3975.0@462778: suspicious.warning: object contains JavaScript
3976.0@463060: suspicious.warning: object contains JavaScript
3977.0@463342: suspicious.warning: object contains JavaScript
3978.0@463624: suspicious.warning: object contains JavaScript
3979.0@463906: suspicious.warning: object contains JavaScript
3980.0@464188: suspicious.warning: object contains JavaScript
3981.0@464470: suspicious.warning: object contains JavaScript
3982.0@464752: suspicious.warning: object contains JavaScript
3983.0@465194: suspicious.warning: object contains JavaScript
3984.0@465636: suspicious.warning: object contains JavaScript
3985.0@466046: suspicious.warning: object contains JavaScript
3986.0@466488: suspicious.warning: object contains JavaScript
3987.0@466930: suspicious.warning: object contains JavaScript
3988.0@467340: suspicious.warning: object contains JavaScript
3989.0@467782: suspicious.warning: object contains JavaScript
3990.0@468224: suspicious.warning: object contains JavaScript
2959.0@1890108: suspicious.warning: object contains JavaScript
2960.0@1890390: suspicious.warning: object contains JavaScript
2961.0@1890672: suspicious.warning: object contains JavaScript
2962.0@1890954: suspicious.warning: object contains JavaScript
2963.0@1891236: suspicious.warning: object contains JavaScript
2964.0@1891518: suspicious.warning: object contains JavaScript
2965.0@1891800: suspicious.warning: object contains JavaScript
2966.0@1892082: suspicious.warning: object contains JavaScript
2967.0@1892364: suspicious.warning: object contains JavaScript
2968.0@1892646: suspicious.warning: object contains JavaScript
2969.0@1892976: suspicious.warning: object contains JavaScript
2970.0@1893306: suspicious.warning: object contains JavaScript
2971.0@1893620: suspicious.warning: object contains JavaScript
2972.0@1893918: suspicious.warning: object contains JavaScript
2973.0@1894200: suspicious.warning: object contains JavaScript
3086.0@1936617: suspicious.warning: object contains JavaScript
3087.0@1937027: suspicious.warning: object contains JavaScript
3088.0@1937469: suspicious.warning: object contains JavaScript
3089.0@1937911: suspicious.warning: object contains JavaScript
3090.0@1938321: suspicious.warning: object contains JavaScript
3091.0@1938763: suspicious.warning: object contains JavaScript
3092.0@1939205: suspicious.warning: object contains JavaScript
3093.0@1939535: suspicious.warning: object contains JavaScript
3094.0@1939849: suspicious.warning: object contains JavaScript
3110.0@1944913: suspicious.warning: object contains JavaScript
3111.0@1945323: suspicious.warning: object contains JavaScript
3112.0@1945765: suspicious.warning: object contains JavaScript
3119.0@1948126: suspicious.warning: object contains JavaScript
3120.0@1948408: suspicious.warning: object contains JavaScript
3121.0@1948690: suspicious.warning: object contains JavaScript
3122.0@1948972: suspicious.warning: object contains JavaScript
3124.0@1949592: suspicious.warning: object contains JavaScript
3126.0@1950211: suspicious.warning: object contains JavaScript
3127.0@1950493: suspicious.warning: object contains JavaScript
3146.0@1956494: suspicious.warning: object contains JavaScript
3147.0@1956904: suspicious.warning: object contains JavaScript
3148.0@1957346: suspicious.warning: object contains JavaScript
4008.0@39136: suspicious.obfuscation using charCodeAt