Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
45f94803bc81aa634b0ebcd3ed7e7bd8 view report 0a4abd3ab1fa4f436de65da96ee593145eb304699ebcdf44cacec78e0bf5ebe8 12125 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript
05e2dd15e875a541a268ebe1b26d2085 view report abdf4e2762128c35b3ba1ab6e369a14484d5b82bd5246a523dff8895352c8d0c 5366 1 J      
7.0@4749: suspicious.warning: object contains JavaScript
26778f6da7c60e2eeec76a2176a23d1c view report 7baad1001e1c007a7ae09b523452cb7416f1b918e5e2054cdb61eff0969d9cab 34667 8 J      
1.0@15: suspicious.obfuscation using charCodeAt
1.0@15: suspicious.javascript in XFA block
1.0@15: suspicious.obfuscation using String.fromCharCode
1.0@15: suspicious.obfuscation using substring
1.0@15: block size over 10MB
1.0@15: suspicious.warning: object contains JavaScript
c518c4a9acdbfeb4de1efbda7be95b72 view report df090efe89665b655820c2b91bcb11b858dc9beff80e0b8b0dd4683efe4acec4 4493 3        
5.0@420: pdf.exploit execute EXE file
5.0@420: pdf.exploit execute action command
5.0@420: pdf.execute exe file
1de87ddf807cba2c9c730fcc57538539 view report 2392ed21e8b91450a391da6a202ce13256ba6275395ddaf155e149144e5e3c21 8255 15 J      
5.0@265: suspicious.obfuscation using String.fromCharCode
5.0@265: suspicious.obfuscation getAnnots access blocks
5.0@265: suspicious.warning: object contains JavaScript
9.0@6892: suspicious.obfuscation using charCodeAt
9.0@6892: suspicious.obfuscation toString
9.0@6892: suspicious.obfuscation using substr
9.0@6892: suspicious.obfuscation using String.fromCharCode
1a745f150b56e2ffda946185aaefc103 view report 235bfda63e410901778a5ac78867db97c54dfd6cad2d7e6009c814a34f3a8d7d 12547 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript
f706b287fa019eeda0bb6e4258f6b804 view report 0987b0781394878bac215682cf31bf7edbc06a560c05b25a633d4e058b59f365 109813 3 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.warning: object contains JavaScript
1aec49c5fe7ed00bbf91be63300dc6d6 view report 1d28282a13234f50b98bf47b44958f7cb11fe45c58e6f0dd4884f108b0765e48 9495 27        
7.0@374: suspicious.obfuscation using unescape
7.0@374: suspicious.obfuscation using String.replace
7.0@374: suspicious.obfuscation getAnnots access blocks
8.0@681: suspicious.obfuscation using charCodeAt
8.0@681: suspicious.obfuscation using eval
8.0@681: suspicious.obfuscation toString
8.0@681: suspicious.obfuscation using substr
8.0@681: suspicious.obfuscation using String.fromCharCode
c6ce612c69791f6574851f92a1da560a view report 269cee27b9d68ff8188c1c56f5632a3b529c2ad612a0f2f85ab6b6ff175034e7 16452 3 J      
25.0@473: suspicious.javascript object
26.0@520: suspicious.warning: object contains JavaScript
76.0@1022: suspicious.warning: object contains JavaScript
c3f073fb8d087e2908412fa77dab974f view report 1de97f13e9d2365fcb545bb5ca3324638a66fd2fe9ae8dc272bd6db0856c5bb1 29997 20 J      
10.0@440: suspicious.obfuscation using eval
10.0@440: suspicious.javascript in XFA block
10.0@440: suspicious.warning: object contains JavaScript
11.0@1317: suspicious.obfuscation using substr
14.0@28645: suspicious.obfuscation using String.fromCharCode
2eab7a8ab81aaf8f2e1b199c3a1800b3 view report 772c25aff2ba95ead12309e3a960836a32f466e57e3df45ac004a3ffefd64f61 9685 3 J      
8.0@149: suspicious.javascript in XFA block
8.0@149: suspicious.warning: object contains JavaScript
c779881b7015640a430ddb8127fdfeaf view report 7fb538178c95d4e70fcdc35656374fda341b3d3ae383ba2d43d0ab389d6b1ebd 73153 3 J      
8.0@149: suspicious.javascript in XFA block
8.0@149: suspicious.warning: object contains JavaScript
a58c2ad4c46a9dcb4661c70d51199872 view report 2242573003b5ea81ecae19a428ca02473bfb0a94d06f9e064945f7465a43647b 9248 27        
7.0@374: suspicious.obfuscation using unescape
7.0@374: suspicious.obfuscation using String.replace
7.0@374: suspicious.obfuscation getAnnots access blocks
8.0@681: suspicious.obfuscation using charCodeAt
8.0@681: suspicious.obfuscation using eval
8.0@681: suspicious.obfuscation toString
8.0@681: suspicious.obfuscation using substr
8.0@681: suspicious.obfuscation using String.fromCharCode
fef3c264d7f24c086b4142228a19ff9d view report 18da786b4adc9a1a8f89067f0674996ae0f6544cb0b8ec0cff5722cba1892fe4 16058 14 J      
5.0@265: suspicious.obfuscation using String.fromCharCode
5.0@265: suspicious.obfuscation getAnnots access blocks
5.0@265: suspicious.warning: object contains JavaScript
9.0@6770: suspicious.obfuscation toString
9.0@6770: suspicious.obfuscation using substr
9.0@6770: suspicious.obfuscation using String.fromCharCode
f88692ab778660259119ca7b11e1a059 view report 22745f836625612b69ab8062b870d32c59435afbc31f543831892ca0d5b82d1c 8278 26        
7.0@368: suspicious.obfuscation using unescape
7.0@368: suspicious.obfuscation using eval
7.0@368: suspicious.obfuscation getAnnots access blocks
8.0@542: suspicious.obfuscation using charCodeAt
8.0@542: suspicious.obfuscation using eval
8.0@542: suspicious.obfuscation toString
8.0@542: suspicious.obfuscation using substr
8.0@542: suspicious.obfuscation using String.fromCharCode