Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
e5d62ee3a502a26246268ac7405c8d34 view report 0687cba642b85e090960593d2cfbf5c66f85f1d3932f76be5622845906703491 32356 37 J F    
6.0@312: suspicious.obfuscation using unescape
6.0@312: suspicious.obfuscation using substring
6.0@312: suspicious.string Shellcode NOP sled
6.0@312: suspicious.string heap spray shellcode
6.0@312: suspicious.warning: object contains JavaScript
7.0@4052: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
8.0@4239: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
9.0@4386: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
10.0@4512: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
11.0@4607: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
14.0@4865: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
15.0@5007: suspicious.flash Adobe Shockwave Flash in a PDF define obj type
16.0@5112: flash.exploit CVE-2010-1297
16.0@5112: suspicious.flash Embedded Flash
89d85197cd160200c5da60fc59467889 view report d6aae885b3486cf41dd1526146953a69b8a609910514be039010c771fba537ae 60577 7 J   P  
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59497: suspicious.warning: object contains JavaScript
23.0@59601: pdf.exploit execute EXE file
23.0@59601: pdf.exploit access system32 directory
23.0@59601: pdf.exploit execute action command
23.0@59601: pdf.execute exe file
23.0@59601: pdf.execute access system32 directory
5cdcccfaefebfb0ee47d309687859831 view report 5f1389d7cc23d7e73d38ccf86c45a907381f2eef6bb3b75af24a73efd420c740 306408 6        
0.0@302481: suspicious.obfuscation using charCodeAt
0.0@302481: suspicious.obfuscation toString
0.0@302481: suspicious.obfuscation using String.fromCharCode
0.0@302481: suspicious.obfuscation using String.replace
0.0@302481: suspicious.obfuscation using substring
-1.-1@302552: suspicious.warning: end of file contains content
b54f988afc08222f026dab1fd2aa7e00 view report c8c192b3258c6e13f27a072f5c31006238a4451f7b0e9e49e060488d5e034296 46223 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@44984: suspicious.warning: object contains JavaScript
10.0@45091: pdf.exploit execute EXE file
10.0@45091: pdf.exploit access system32 directory
10.0@45091: pdf.exploit execute action command
10.0@45091: pdf.execute exe file
10.0@45091: pdf.execute access system32 directory
f2287e406aecf1e5411928f2da2bf05f view report 464adbcbadf28144b408c27ef20c3328815e6b9294a762b4034856b9edda47af 46443 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45205: suspicious.warning: object contains JavaScript
10.0@45312: pdf.exploit execute EXE file
10.0@45312: pdf.exploit access system32 directory
10.0@45312: pdf.exploit execute action command
10.0@45312: pdf.execute exe file
10.0@45312: pdf.execute access system32 directory
805a0300a73a1f59652447e3dcfa6a5c view report STOR_basic_law.pdf 521947 7 J   P  
49.0@476419: suspicious.pdf embedded PDF file
49.0@476419: suspicious.warning: object contains embedded PDF
50.0@520769: suspicious.warning: object contains JavaScript
51.0@520878: pdf.exploit execute EXE file
51.0@520878: pdf.exploit access system32 directory
51.0@520878: pdf.exploit execute action command
51.0@520878: pdf.execute exe file
51.0@520878: pdf.execute access system32 directory
7a1ecaf82d1633c7301f90f4a7afce5b view report 6cb0f19c19a88886408c556686a1e54a0f3a4e1429e235dd71c155c1481c0fa9 479840 7 J   P  
98.0@434160: suspicious.pdf embedded PDF file
98.0@434160: suspicious.warning: object contains embedded PDF
99.0@478564: suspicious.warning: object contains JavaScript
100.0@478667: pdf.exploit execute EXE file
100.0@478667: pdf.exploit access system32 directory
100.0@478667: pdf.exploit execute action command
100.0@478667: pdf.execute exe file
100.0@478667: pdf.execute access system32 directory
57ff50b597e3213536170e2c4e0db66c view report 67d42d08b80b6bd009f5c24f994a2735f58d5f618d388092f2618d81bbba1a56 60777 7 J   P  
25.0@15302: suspicious.pdf embedded PDF file
25.0@15302: suspicious.warning: object contains embedded PDF
26.0@59638: suspicious.warning: object contains JavaScript
27.0@59743: pdf.exploit execute EXE file
27.0@59743: pdf.exploit access system32 directory
27.0@59743: pdf.exploit execute action command
27.0@59743: pdf.execute exe file
27.0@59743: pdf.execute access system32 directory
de2a253d2196d1c8b83f2f595658674f view report c5a65a6b1d93ebc831f0cf4bbcfe2f03f1d1e13693e6bb46a27402a8e4e5df5f 274068 7 J   P  
198.0@225240: suspicious.pdf embedded PDF file
198.0@225240: suspicious.warning: object contains embedded PDF
199.0@269628: suspicious.warning: object contains JavaScript
200.0@269733: pdf.exploit execute EXE file
200.0@269733: pdf.exploit access system32 directory
200.0@269733: pdf.exploit execute action command
200.0@269733: pdf.execute exe file
200.0@269733: pdf.execute access system32 directory
92b562e12560591699e37b6c2533c191 view report gooby.pdf 119412 10        
11.0@60426: suspicious.obfuscation using unescape
11.0@60426: suspicious.obfuscation using charCodeAt
11.0@60426: suspicious.javascript object
11.0@60426: suspicious.obfuscation using String.fromCharCode
11.0@60426: suspicious.obfuscation using String.replace
e0db2b5f3633a60ed9383fd7c4bf9cd0 view report 9d088aafc205fb8ea201f9da9b36b1d2bdecefd1ee61395ad5be5148399ccbcf 12888 9 J      
43.0@10630: suspicious.javascript in XFA block
43.0@10630: suspicious.warning: object contains JavaScript
56141b8ac448cbaa107f960c98dd5d1b view report a30ae022be780f2ebd532df2efee1df12fef4dba29319f689ea6ef9f2c42d1ca 5455 9 J      
8.0@728: suspicious.javascript in XFA block
8.0@728: suspicious.warning: object contains JavaScript
-1.-1@5234: suspicious.warning: end of file contains content
cd522702061cc74a1dad7425be410c5d view report f10eec6e7219c33b9f05d29ee004a068470a282fc7657f852957df9e16935b50 9317 7 J      
17.0@6886: suspicious.javascript in XFA block
17.0@6886: suspicious.warning: object contains JavaScript
cfaab2eb34cb3bc98afd2a252ed5167f view report dc2d4b15167d93bc319e7e0d183d30c06bb2de58d4c5fa2ef8b5480e4116d02d 69608 1 J      
97.0@60824: suspicious.warning: object contains JavaScript
37298b0e842ddffa1d34298e6703d793 view report Darin Tietjen's Eagle Scout Service Project Workbook(1).pdf 15625076 3 J   P  
14.0@4156631: suspicious.warning: object contains embedded PDF
44.0@4170953: suspicious.warning: object contains JavaScript
45.0@4171430: suspicious.warning: object contains JavaScript
46.0@4171776: suspicious.warning: object contains JavaScript
114.0@4178079: suspicious.warning: object contains embedded PDF