Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
40aed3ead19181ff74a75363c5c9b3db view report 5da79faabad726118001282d36e15ef0cca4d81f0cce7db2e50254a3a042b90f 6037 49 J      
6.0@421: suspicious.obfuscation using unescape
6.0@421: suspicious.obfuscation using substring
6.0@421: pdf.exploit util.printf CVE-2008-2992
6.0@421: suspicious.warning: object contains JavaScript
823f7e2405b0618be0868d5eb47d2543 view report 9e8c2951883a4c7d0b22d397ccc96305e6c3c8766646beaa1c6673145d7230e1 332360 122 J      
1.0@16: suspicious.obfuscation using unescape
1.0@16: suspicious.obfuscation using charCodeAt
1.0@16: suspicious.obfuscation toString
1.0@16: suspicious.obfuscation using substring
1.0@16: suspicious.string shellcode
1.0@16: suspicious.obfuscation using app.setTimeOut to eval code
1.0@16: pdf.exploit Sandbox Bypass CVE-2013-0641
1.0@16: suspicious.warning: object contains JavaScript
1.0@163408: suspicious.obfuscation using unescape
1.0@163408: suspicious.obfuscation using charCodeAt
1.0@163408: suspicious.obfuscation toString
1.0@163408: suspicious.obfuscation using substring
1.0@163408: suspicious.string shellcode
1.0@163408: suspicious.obfuscation using app.setTimeOut to eval code
1.0@163408: pdf.exploit Sandbox Bypass CVE-2013-0641
1.0@163408: suspicious.warning: object contains JavaScript
b6eb901ec464e4b31554ecd9ffb884ea view report 293f8d2806ad0d02e522eeb06ab1d30e3a79b06f950998ba6b949231e6c00458 33403 8 J      
1.0@16: suspicious.obfuscation using app.setTimeOut to eval code
1.0@16: suspicious.warning: object contains JavaScript
1.0@14141: suspicious.obfuscation using app.setTimeOut to eval code
1.0@14141: suspicious.warning: object contains JavaScript
f1999c7d18355a890543802327bb3ae7 view report a576b55a8f58db69bccb1546fa463d8ed59ad9db648e36c7c5fd57cc53d6e6d0 2307 90        
1.0@9: pdf.exploit using TIFF overflow CVE-2010-0188
1.0@9: suspicious.string base 64 nop sled used in TIFF overflow CVE-2010-0188
1.0@9: pdf.exploit TIFF overflow CVE-2010-0188
5a5b6ddccdd577c3ace8206965771977 view report 4eca6c32b2bce6398e40b31a8461ca3eaa4fcf8e14763ba13941c7aca5303e98 46122 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@44884: suspicious.warning: object contains JavaScript
10.0@44991: pdf.exploit execute EXE file
10.0@44991: pdf.exploit access system32 directory
10.0@44991: pdf.exploit execute action command
10.0@44991: pdf.execute exe file
10.0@44991: pdf.execute access system32 directory
cb0cb6c20d09c5316e27b0b0ce54ea05 view report 3507bfe83886997d9c5493fb4ab538d3929f83ca29dcc7f0c68f38211f68be2d 1230696 187 J   P  
100.0@113150: pdf.exploit Collab.getIcon CVE-2009-0927
100.0@113150: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
290.0@866236: pdf.exploit Collab.getIcon CVE-2009-0927
290.0@866236: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
467.0@1185294: suspicious.pdf embedded PDF file
467.0@1185294: suspicious.warning: object contains embedded PDF
468.0@1229537: suspicious.warning: object contains JavaScript
469.0@1229649: pdf.exploit execute EXE file
469.0@1229649: pdf.exploit access system32 directory
469.0@1229649: pdf.exploit execute action command
469.0@1229649: pdf.execute exe file
469.0@1229649: pdf.execute access system32 directory
07300fec37b096c0cc8a369097989ea7 view report 37f333559277072fee8aa9a0548f28ea604565ec13f6e90aae08b49632c9efee 734097 4        
80.0@16: suspicious.obfuscation getAnnots access blocks
32.0@195: suspicious.obfuscation getAnnots access blocks
6b691dbbde0a106652e6631d43e66cf6 view report 557f43cb7fb7c6ca434aa440f14eb3234d06f1d08895d6bea71fa6033f3255e4 101992 12 J      
8.0@149: suspicious.javascript in XFA block
8.0@149: suspicious.obfuscation using substr
8.0@149: suspicious.warning: object contains JavaScript
bfd0332bb7be4561b064a4fb3a8be80d view report 0d52acfcc7f1e044956586d9734941f851fef17e9a1ecbcee0ccc61f00a83668 248790 6        
0.0@244863: suspicious.obfuscation using charCodeAt
0.0@244863: suspicious.obfuscation toString
0.0@244863: suspicious.obfuscation using String.fromCharCode
0.0@244863: suspicious.obfuscation using String.replace
0.0@244863: suspicious.obfuscation using substring
-1.-1@244934: suspicious.warning: end of file contains content
d6a802d92d8df5456a95d46f156ef680 view report new - I-864.pdf 418711 60 J      
493.0@59525: suspicious.warning: object contains JavaScript
945.0@74831: suspicious.warning: object contains JavaScript
959.0@80763: suspicious.warning: object contains JavaScript
964.0@82396: suspicious.warning: object contains JavaScript
966.0@83870: suspicious.warning: object contains JavaScript
970.0@88132: suspicious.warning: object contains JavaScript
1042.0@148495: suspicious.warning: object contains JavaScript
885.0@197452: suspicious.warning: object contains JavaScript
873.0@319974: suspicious.warning: object contains JavaScript
226.0@341754: suspicious.warning: object contains JavaScript
300.0@343214: suspicious.warning: object contains JavaScript
301.0@344223: suspicious.warning: object contains JavaScript
222.0@344488: suspicious.warning: object contains JavaScript
302.0@345232: suspicious.warning: object contains JavaScript
271.0@345847: suspicious.warning: object contains JavaScript
299.0@346651: suspicious.warning: object contains JavaScript
296.0@348532: suspicious.warning: object contains JavaScript
274.0@348697: suspicious.warning: object contains JavaScript
297.0@349842: suspicious.warning: object contains JavaScript
277.0@351430: suspicious.warning: object contains JavaScript
280.0@354129: suspicious.warning: object contains JavaScript
283.0@358679: suspicious.warning: object contains JavaScript
227.0@359874: suspicious.warning: object contains JavaScript
306.0@361422: suspicious.warning: object contains JavaScript
308.0@364413: suspicious.warning: object contains JavaScript
304.0@365678: suspicious.warning: object contains JavaScript
319.0@372064: suspicious.warning: object contains JavaScript
318.0@373086: suspicious.warning: object contains JavaScript
223.0@375183: suspicious.warning: object contains JavaScript
317.0@375595: suspicious.warning: object contains JavaScript
270.0@376113: suspicious.warning: object contains JavaScript
224.0@376859: suspicious.warning: object contains JavaScript
316.0@377614: suspicious.warning: object contains JavaScript
225.0@378354: suspicious.warning: object contains JavaScript
1366.0@378815: suspicious.warning: object contains JavaScript
1392.0@378905: suspicious.warning: object contains JavaScript
1382.0@378995: suspicious.warning: object contains JavaScript
1375.0@379085: suspicious.warning: object contains JavaScript
1391.0@379174: suspicious.warning: object contains JavaScript
1390.0@379263: suspicious.warning: object contains JavaScript
1374.0@379353: suspicious.warning: object contains JavaScript
1399.0@379780: suspicious.warning: object contains JavaScript
1400.0@380228: suspicious.warning: object contains JavaScript
1394.0@380764: suspicious.warning: object contains JavaScript
1373.0@380965: suspicious.warning: object contains JavaScript
1369.0@381054: suspicious.warning: object contains JavaScript
1389.0@381392: suspicious.warning: object contains JavaScript
1388.0@383324: suspicious.warning: object contains JavaScript
1385.0@383414: suspicious.warning: object contains JavaScript
1372.0@383504: suspicious.warning: object contains JavaScript
1371.0@388356: suspicious.warning: object contains JavaScript
1370.0@388587: suspicious.warning: object contains JavaScript
1387.0@388676: suspicious.warning: object contains JavaScript
1377.0@388765: suspicious.warning: object contains JavaScript
1368.0@388963: suspicious.warning: object contains JavaScript
1386.0@389156: suspicious.warning: object contains JavaScript
1367.0@389453: suspicious.warning: object contains JavaScript
1384.0@389542: suspicious.warning: object contains JavaScript
1398.0@389632: suspicious.warning: object contains JavaScript
1376.0@390083: suspicious.warning: object contains JavaScript
6aac5096674c38617ea0d2352980c30e view report 3ec9ad748c440629849a429be87600c77e6bb8d00ba040408c3a6ab1c8680309 104549 7 J      
8.0@138: suspicious.javascript in XFA block
8.0@138: suspicious.warning: object contains JavaScript
d14fcee822824b62379228fddc456ff2 view report 4bf2a7f328b71eefadeedcdd75fb51665d5266bbd97ff1769110733145bd1ee1 46195 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@44957: suspicious.warning: object contains JavaScript
10.0@45064: pdf.exploit execute EXE file
10.0@45064: pdf.exploit access system32 directory
10.0@45064: pdf.exploit execute action command
10.0@45064: pdf.execute exe file
10.0@45064: pdf.execute access system32 directory
9f8cbb4c61c7adbc3ec3ae2d314294d1 view report b19826277537a5089b45bae86343bf9a5eea5cf9ceae04e92c3f5cee88517eca 21070 5 J      
8.0@138: suspicious.javascript in XFA block
8.0@138: suspicious.warning: object contains JavaScript
d641ee69dec14aa7173b4b949f5954cf view report 3c070d36e187e07ca971d1fcdf9539276780b2b975136b2742f236ba745aeb00 5741 63 J      
10.0@899: pdf.exploit U3D CVE-2011-2462
10.0@899: pdf.exploit U3D CVE-2011-2462 A
14.0@1962: suspicious.javascript object
15.0@2006: suspicious.obfuscation using unescape
15.0@2006: suspicious.obfuscation using substr
15.0@2006: suspicious.obfuscation using substring
15.0@2006: suspicious.warning: object contains JavaScript
6fd599e896964cdf2bd8cef049622574 view report 9007880d87aba243f45afd7ce0f0177962a16deddb12c5cd6fc506a611fab23a 84244 9 J      
8.0@149: suspicious.javascript in XFA block
8.0@149: suspicious.warning: object contains JavaScript