Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
35c737135c13fe9c5957c6db6dc4b4ca view report forms.pdf 238031 7 J      
70.0@990: suspicious.warning: object contains JavaScript
77.0@215255: suspicious.warning: object contains JavaScript
78.0@216060: suspicious.warning: object contains JavaScript
5.0@224582: suspicious.warning: object contains JavaScript
9.0@226743: suspicious.warning: object contains JavaScript
12.0@228340: suspicious.warning: object contains JavaScript
13.0@229100: suspicious.warning: object contains JavaScript
e8b1a9d2606d2e24692576a3dd3e9c10 view report 576ca2b0c5fe1c756c245cb82d6a2ecce7f6976d5c3f3b338f686e06955032cb 31049 1 J      
31.0@5324: suspicious.warning: object contains JavaScript
3130f739473b44821e0216fa7428477a view report QUOTATION.pdf 149996 2        
11.0@16699: pdf.exploit execute EXE file
11.0@16699: pdf.execute exe file
3130f739473b44821e0216fa7428477a view report QUOTATION.pdf 149996 2        
11.0@16699: pdf.exploit execute EXE file
11.0@16699: pdf.execute exe file
061226ae7f0d4a1fee5445fa078cb74c view report aaab9265bde2270b0d9fc1d39dda05826f253ef22406321d9cfd3069752d1dcb 46327 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45089: suspicious.warning: object contains JavaScript
10.0@45196: pdf.exploit execute EXE file
10.0@45196: pdf.exploit access system32 directory
10.0@45196: pdf.exploit execute action command
10.0@45196: pdf.execute exe file
10.0@45196: pdf.execute access system32 directory
685013e84df2805fcb531281dbd17b43 view report ae9de248273f2335774be921234b1dc334bd62dfe95d3705475e34d1e4771374 1235 1 J      
7.0@781: suspicious.warning: object contains JavaScript
5cdb1f1e771c43fcc2982f5fd6356d92 view report 6cb8e8febcc1914ccf5f8267f583fff2718d76181ef9038921c654b256656576 232856 1 J   P  
8.0@1219: suspicious.warning: object contains JavaScript
0.0@1985: suspicious.warning: object contains embedded PDF
-1.-1@2049: suspicious.warning: end of file contains content
b097d1a78d0fbed7506fc819eee41099 view report 344465541aafa78eebdbfc3bb0a9cb009f5ac33da6462076e5443e524101782e 1235 1 J      
7.0@781: suspicious.warning: object contains JavaScript
53337464a4ab9664ddf80949fae937b7 view report 241e8fe4de2ff3fe94db9d66a592e78f25f8af4ac393c9e1b2ae778879afd74b 22020 79 J      
5.0@381: suspicious.obfuscation using unescape
5.0@381: suspicious.obfuscation using substring
5.0@381: pdf.exploit Collab.getIcon CVE-2009-0927
5.0@381: suspicious.warning: object contains JavaScript
7b5f38529c3cd5f6f28aaa6cf0f75609 view report Metasploit_The_Penetration_Tester_Guide.pdf 7260681 64        
936.0@2151973: pdf.exploit Collab.getIcon CVE-2009-0927
1148.0@2685617: suspicious.obfuscation using eval
7b5f38529c3cd5f6f28aaa6cf0f75609 view report Metasploit_The_Penetration_Tester_Guide_David_Kennedy_Jim_O_Gorman_Devon_Kearns.pdf 7260681 64        
936.0@2151973: pdf.exploit Collab.getIcon CVE-2009-0927
1148.0@2685617: suspicious.obfuscation using eval
55a68ca5a6a6cb597258a64cb7131176 view report 43115c27f292bbbb9613b384919331ad8c0659bf035bacb02d0f64e7c7410a28 736 1 J      
1.0@17: suspicious.warning: object contains JavaScript
a84b2735e28b6ae760f9be8a1955c1f3 view report 9e2ea3e10c0c5d70571b7e3f22fd5ae90c8c77db946bc1386ecf1f655937a85c 1058245 3 J      
239.0@1302: suspicious.warning: object contains JavaScript
240.0@1793: suspicious.warning: object contains JavaScript
241.0@2140: suspicious.warning: object contains JavaScript
1a38b2f496ff1a10fff93ee2ef9196a3 view report ebc4e09e4c3671506fad6254a3b5791dbb6664bd6e04b6f5eaae9d9f80fa5b2f 7061 7 J      
8.0@3717: suspicious.javascript in XFA block
8.0@3717: suspicious.warning: object contains JavaScript
07adce870629526044cc91b3a60e6202 view report 4690aa90c2d0935d21f0528b3287e8980c0b4a37acbbcc63d92d0b1da2d76504 46100 26 J      
10.0@1000: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41428: suspicious.obfuscation using unescape
12.0@41428: suspicious.obfuscation using substring
12.0@41428: suspicious.string heap spray shellcode
12.0@41428: suspicious.string shellcode
12.0@41428: suspicious.warning: object contains JavaScript