Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5  filename  size  severity  js  flash  embed  encrypt
98b00a2ca776e3c4c646c87657ea8883 view report 9e4e1a9343ff11ce8488e01b1636730a9770042673fb02dc6239d4725815210d 691464 7 J   P  
249.0@645428: suspicious.pdf embedded PDF file
249.0@645428: suspicious.warning: object contains embedded PDF
250.0@689818: suspicious.warning: object contains JavaScript
251.0@689951: pdf.exploit execute EXE file
251.0@689951: pdf.exploit access system32 directory
251.0@689951: pdf.exploit execute action command
251.0@689951: pdf.execute exe file
251.0@689951: pdf.execute access system32 directory
94c02c6b772c065bdd54d5848280ae3f view report ec5a461f500c4136278764e24c22c160ac23269336b49fc2944074bd5a80c7b4 65536 15 J      
9.0@326: suspicious.javascript in XFA block
9.0@326: suspicious.warning: object contains JavaScript
10.0@1210: suspicious.obfuscation using eval
b6ed7ca75bcae1ddb25a075ff8cbc38d view report 642d8c7b00d0272649008bade5a2a4a6d02756b92c22045c774a8aca23a75535 248790 6        
0.0@244863: suspicious.obfuscation using charCodeAt
0.0@244863: suspicious.obfuscation toString
0.0@244863: suspicious.obfuscation using String.fromCharCode
0.0@244863: suspicious.obfuscation using String.replace
0.0@244863: suspicious.obfuscation using substring
-1.-1@244934: suspicious.warning: end of file contains content
dd11f179545097d517e75564186d531a view report 2a72feb270696a7c3c68ae6b2d99cb722334f757db526bfb4ba89fbac21fe115 65536 5 J      
8.0@192: suspicious.obfuscation using eval
8.0@192: suspicious.javascript in XFA block
8.0@192: suspicious.warning: object contains JavaScript
7f0db64c7981b580fd5ab7d8bc8cb791 view report 75a1e1abfc8700281f308f4119bcecaf126e07b2c949ad3da52ee6f49ed39320 46220 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45026: suspicious.warning: object contains JavaScript
10.0@45133: pdf.exploit execute EXE file
10.0@45133: pdf.exploit access system32 directory
10.0@45133: pdf.exploit execute action command
10.0@45133: pdf.execute exe file
10.0@45133: pdf.execute access system32 directory
df7d1a446be0b000bef7f6cbea155f69 view report 336f28c5eb7fb0f8023df436e6523e0deba151343a5450ef07c7c3a24b2b6ebd 65536 3 J      
8.0@195: suspicious.javascript in XFA block
8.0@195: suspicious.warning: object contains JavaScript
f66f8b7d9bbe5a1668898dd31ae7cb22 view report 9b742ea2341a0f6e9ce9489402f6d20e432c770cd8957e01b91196ad31909e70 46195 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@44957: suspicious.warning: object contains JavaScript
10.0@45064: pdf.exploit execute EXE file
10.0@45064: pdf.exploit access system32 directory
10.0@45064: pdf.exploit execute action command
10.0@45064: pdf.execute exe file
10.0@45064: pdf.execute access system32 directory
a0f16d6d0eb7e9549303f1cde9daaf31 view report dcb85c48f12e19c36e1abeeb9db606efd558ad7c0a578cf926eb9f3ec9e24153 65536 3 J      
8.0@195: suspicious.javascript in XFA block
8.0@195: suspicious.warning: object contains JavaScript
970f10820ca11187881d2939f1e8041b view report beb8a87b549f8908130f38ac8a8faff9ef3a1cbda35507cda27108f2f239620f 65536 8 J      
4.0@351: suspicious.obfuscation using unescape
4.0@351: suspicious.obfuscation using eval
4.0@351: suspicious.obfuscation toString
4.0@351: suspicious.obfuscation using substr
4.0@351: suspicious.obfuscation using String.fromCharCode
4.0@351: suspicious.warning: object contains JavaScript
065216958bec910fb9a72ed91e687ecf view report 891c347434e524995509157c3842a7e84cf04c05b388f1752dde5c8da05814a9 65536 15 J      
9.0@326: suspicious.javascript in XFA block
9.0@326: suspicious.warning: object contains JavaScript
10.0@1210: suspicious.obfuscation using eval
09ac4d6fd97e08956066b4518c3e375a view report 5f40180987f4ced339795785eaaa3574f79fbf698e3f7f6c935bc4489a30e47f 132581 7 J   P  
66.0@86954: suspicious.pdf embedded PDF file
66.0@86954: suspicious.warning: object contains embedded PDF
67.0@131261: suspicious.warning: object contains JavaScript
68.0@131367: pdf.exploit execute EXE file
68.0@131367: pdf.exploit access system32 directory
68.0@131367: pdf.exploit execute action command
68.0@131367: pdf.execute exe file
68.0@131367: pdf.execute access system32 directory
52765856579320808f6cc142168ff59b view report 00155d08bd77d3f2d828d1abb2e3f8999553d4714e679ca0a3ad91d210562349 135720 3 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.warning: object contains JavaScript
c3b20990e8b2ccc7c575b827042e6f34 view report 20ce44a5cf012b758111eedf94d5243b045f0a83ed1481025df1796dcae2b1ef 6514 49 J      
6.0@411: suspicious.obfuscation using unescape
6.0@411: suspicious.obfuscation using substring
6.0@411: pdf.exploit util.printf CVE-2008-2992
6.0@411: suspicious.warning: object contains JavaScript
bce707a98761f025bb4bc44f76f940c7 view report 50d04513131eaa03ee0d0447906a7abcc3f4504f4218ab32f4a110cfb9f75aca 9037 14 J      
6.0@613: suspicious.obfuscation using eval
6.0@613: suspicious.obfuscation using String.fromCharCode
6.0@613: suspicious.obfuscation using String.replace
6.0@613: suspicious.warning: object contains JavaScript
20a49c51455117086b13ed11c645a09c view report 85821090b52a0585a0e7e8bc1a2e71daeba2ce4284f9b4ad9f14f6b7f7514fb6 65536 4 J      
8.0@186: suspicious.javascript in XFA block
8.0@186: suspicious.obfuscation using substr
8.0@186: suspicious.warning: object contains JavaScript