Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5  filename  size  severity  js  flash  embed  encrypt
70a088e0c70c6a8556553f0c2e3a50d4 view report cc5d65c1cb530c533ca352604c29eef5bc1b8230812f831ae3cedcbe5800c1aa 6118 63 J      
10.0@899: pdf.exploit U3D CVE-2011-2462
10.0@899: pdf.exploit U3D CVE-2011-2462 A
14.0@1962: suspicious.javascript object
15.0@2006: suspicious.obfuscation using unescape
15.0@2006: suspicious.obfuscation using substr
15.0@2006: suspicious.obfuscation using substring
15.0@2006: suspicious.warning: object contains JavaScript
40c368637acdebc74a8826cd62089d7d view report f2e1f803a7d9bc75b9d7a0f3d1aa58c2e69487be656da31b9f4abf9521dbb4eb 360120 2        
0.0@356641: suspicious.obfuscation using String.fromCharCode
-1.-1@356712: suspicious.warning: end of file contains content
98137ff8f98f0fafc6604e0b3dfa9d51 view report 00a5bab2ff61e4fa0228e6f2646c2eb2da3af35043687c0fa195259b63ad0bdb 1142458 7 J   P  
15.0@1097163: suspicious.pdf embedded PDF file
15.0@1097163: suspicious.warning: object contains embedded PDF
16.0@1141338: suspicious.warning: object contains JavaScript
17.0@1141441: pdf.exploit execute EXE file
17.0@1141441: pdf.exploit access system32 directory
17.0@1141441: pdf.exploit execute action command
17.0@1141441: pdf.execute exe file
17.0@1141441: pdf.execute access system32 directory
26bc2bad4b40d0f91a8900bf05eadb0d view report e45a24a5d7fcd29fd60160f0f4272df2bc30b0ed7c08098b8545119720c2f1d7 1142537 7 J   P  
15.0@1097163: suspicious.pdf embedded PDF file
15.0@1097163: suspicious.warning: object contains embedded PDF
16.0@1141417: suspicious.warning: object contains JavaScript
17.0@1141520: pdf.exploit execute EXE file
17.0@1141520: pdf.exploit access system32 directory
17.0@1141520: pdf.exploit execute action command
17.0@1141520: pdf.execute exe file
17.0@1141520: pdf.execute access system32 directory
00e22b5cb10bc9859a3d389ea77bdd08 view report McGraw.Hill.Database.Management.Systems.2nd.Edition.Jun.2000.ISBN.0072465352.pdf 6745513 1 J      
0.0@11529: suspicious.warning: object contains JavaScript
efd761fe1f540a4dba9c68651e000868 view report b8bbe429b0a3850db54daece27cbe5bac6cd778b53510056e5957364a92c275b 258659 23 J   P  
357.0@5173: suspicious.javascript object
358.0@5219: suspicious.javascript object
359.0@5265: suspicious.javascript object
360.0@5311: suspicious.warning: object contains JavaScript
361.0@5803: suspicious.warning: object contains JavaScript
362.0@6150: suspicious.warning: object contains JavaScript
9.0@127434: suspicious.javascript in XFA block
9.0@127434: suspicious.obfuscation toString
9.0@127434: suspicious.warning: object contains JavaScript
533.0@151078: suspicious.pdf embedded PDF file
533.0@151078: suspicious.warning: object contains embedded PDF
534.0@257178: suspicious.warning: object contains JavaScript
535.0@257281: pdf.exploit execute EXE file
535.0@257281: pdf.exploit access system32 directory
535.0@257281: pdf.exploit execute action command
535.0@257281: pdf.execute exe file
535.0@257281: pdf.execute access system32 directory
6344bf1b6880cbc162b09641293338ba view report Avdi_Grimm,_Sandi_Metz_Confident_Ruby_32_Patterns_for_Joyful_Coding.pdf 1885038 1        
894.0@675762: block size over 10MB
f63a917f980f16881dacdc0f858ac8cb view report 834e74265cf32bd1ce18fa57031a1dd632d06a05e983c4a5dbd7ea66642c264c 508505 13 J      
326.0@453551: suspicious.warning: object contains JavaScript
327.0@453897: suspicious.javascript object
328.0@453942: suspicious.warning: object contains JavaScript
329.0@454902: suspicious.javascript object
330.0@454947: suspicious.warning: object contains JavaScript
331.0@455437: suspicious.javascript object
336.0@456696: suspicious.javascript in XFA block
336.0@456696: suspicious.warning: object contains JavaScript
cafa22fa4c05b8962f0311daa4e1b082 view report 91132e50853079da9262835fe7dd776bd66a87dc380f49fca8071ed7c109e881 386872 8 J      
3315.0@10344: suspicious.warning: object contains JavaScript
3316.0@10828: suspicious.warning: object contains JavaScript
3317.0@11191: suspicious.warning: object contains JavaScript
3370.0@25794: suspicious.javascript object
3384.0@26990: suspicious.javascript object
3385.0@27019: suspicious.javascript object
3386.0@27048: suspicious.javascript object
64fabfd129fe469decbd10c0be9b5232 view report c240760831fb8e6225740ecd95657d02a23b0a1e5163f4f9d9422a10908ec9b9 892933 18 J      
219.0@852500: suspicious.warning: object contains JavaScript
220.0@852846: suspicious.javascript object
221.0@852891: suspicious.warning: object contains JavaScript
222.0@853600: suspicious.javascript object
223.0@853645: suspicious.warning: object contains JavaScript
224.0@854135: suspicious.javascript object
229.0@855383: suspicious.javascript in XFA block
229.0@855383: suspicious.obfuscation toString
229.0@855383: suspicious.warning: object contains JavaScript
7dfe3de0c0175e5f1f28e8d9683a0a40 view report 8571310b5a9776adcc2dd7363d0938a75d0435c6c638c254b3ff53cd3d122d49 6276 49 J      
6.0@427: suspicious.obfuscation using unescape
6.0@427: suspicious.obfuscation using substring
6.0@427: pdf.exploit util.printf CVE-2008-2992
6.0@427: suspicious.warning: object contains JavaScript
484a4fa997f6fdd9318280081ef00ecc view report f70c4d71733f0074c07a08fad24bf08d2cdcbdc18f173c3f3a25a0a14714c9f8 728479 1 J   P E
668.0@41715: suspicious.warning: object contains JavaScript
372.0@716083: suspicious.warning: object contains embedded PDF
376.0@716848: suspicious.warning: object contains embedded PDF
380.0@717314: suspicious.warning: object contains embedded PDF
384.0@717783: suspicious.warning: object contains embedded PDF
388.0@718243: suspicious.warning: object contains embedded PDF
393.0@718844: suspicious.warning: object contains embedded PDF
b37a63b86aed255af05f6d20c8980158 view report a8f5c1c555cee192740d446c2c99475f68f2431e25e54f8e1703827625259203 760146 13 J      
256.0@738638: suspicious.warning: object contains JavaScript
257.0@738984: suspicious.javascript object
258.0@739029: suspicious.warning: object contains JavaScript
259.0@739822: suspicious.javascript object
260.0@739867: suspicious.warning: object contains JavaScript
261.0@740357: suspicious.javascript object
266.0@741509: suspicious.javascript in XFA block
266.0@741509: suspicious.warning: object contains JavaScript
686079b97d40e96a5ceadb1638666aef view report 42b638b82891197e0028aef14862da00f52bdf044e17bb03d0f35289ba9774a9 3325760 93 J     E
29.0@7723: suspicious.obfuscation toString
29.0@7723: suspicious.obfuscation using substr
29.0@7723: suspicious.obfuscation using String.fromCharCode
29.0@7723: suspicious.warning: object contains JavaScript
58.0@26665: pdf.exploit fontfile SING table overflow CVE-2010-2883 generic
58.0@26665: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
59.0@110251: pdf.exploit fontfile SING table overflow CVE-2010-2883 generic
59.0@110251: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
-1.-1@195255: suspicious.warning: end of file contains content
ce077cbdb653969ab20123c5f409dcac view report a77e60f4949001f47027aba16a904c9282d89c0611b5176d8d76cc7fdcbde41b 9482084 7 J   P  
239.0@9436356: suspicious.pdf embedded PDF file
239.0@9436356: suspicious.warning: object contains embedded PDF
240.0@9480796: suspicious.warning: object contains JavaScript
241.0@9480914: pdf.exploit execute EXE file
241.0@9480914: pdf.exploit access system32 directory
241.0@9480914: pdf.exploit execute action command
241.0@9480914: pdf.execute exe file
241.0@9480914: pdf.execute access system32 directory