Malware Tracker Malware Tracker [static + dynamic analysis]

Login

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks. +Submit one

MD5filenamesizeseverityjsflashembedencrypt
e960cda5c05d4582f9ffb9acb8b842c2 view report 2ea8569fab154a1d44a749f37529b4eccf55bb533b952d535e109a1c7c207027 19510 17 J      
9.0@301: suspicious.javascript in XFA block
9.0@301: suspicious.warning: object contains JavaScript
10.0@1156: suspicious.obfuscation using eval
14.0@18235: suspicious.obfuscation using String.fromCharCode
37b0ecc42613e20a0c3decc98dbaf1d5 view report 255b4c6dbdfb5f4197f839e5d5e2fbf0a8a60114f1fd8ad947adc572bb2bcd49 9444 27        
7.0@374: suspicious.obfuscation using unescape
7.0@374: suspicious.obfuscation using String.replace
7.0@374: suspicious.obfuscation getAnnots access blocks
8.0@681: suspicious.obfuscation using charCodeAt
8.0@681: suspicious.obfuscation using eval
8.0@681: suspicious.obfuscation toString
8.0@681: suspicious.obfuscation using substr
8.0@681: suspicious.obfuscation using String.fromCharCode
218df57725cda398b8c78bdd91f8b727 view report 05bf83559129bf3062e9814e301208dbc6e0b6a228ed136de0bcdb47b3da439d 12449 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript
441ab3193413595b5fa71da32fed664e view report 2d3903276f7b46405fe9c7f701ef5537878e7b12da8a853f5ca1eba5d4cedee2 62512 3 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@724: suspicious.warning: object contains JavaScript
bb02db038c3d30093d053131857ea0e8 view report 2a8c8ed5b320117f26e67f8c2ce50555f157556e949df5072f810e2325e99129 135459 3 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.warning: object contains JavaScript
d449eca1fff6eb147adfb3b9e47fdf25 view report 002eb661ca4cb02fbe59b3bad9d22cd46776cff13c1bb5323c6754ac28a36193 12288 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript
90d2bd955be1ba8d225c8409a7614759 view report 0709e993b09539aef81238cdc4d087997920784ee9308cf786ddc0353d06ed15 6351991 7 J   P  
133.0@6306287: suspicious.pdf embedded PDF file
133.0@6306287: suspicious.warning: object contains embedded PDF
134.0@6350654: suspicious.warning: object contains JavaScript
135.0@6350766: pdf.exploit execute EXE file
135.0@6350766: pdf.exploit access system32 directory
135.0@6350766: pdf.exploit execute action command
135.0@6350766: pdf.execute exe file
135.0@6350766: pdf.execute access system32 directory
e07d95b4d4380b36d73af72594cc25dd view report 0e296abcf71900ae5fdb9466c1ae345b3992a90b25bc0dce7996b321dea93b6c 63179 9 J      
8.0@734: suspicious.javascript in XFA block
8.0@734: suspicious.warning: object contains JavaScript
5682c5735d744bd83bf99072a2bcc737 view report 1c251618bc2d6aca21dc207865b94f93ce45f0a4501ba159c5982bf86a84356f 88540 12 J      
8.0@142: suspicious.javascript in XFA block
8.0@142: suspicious.obfuscation using substr
8.0@142: suspicious.warning: object contains JavaScript
7d091f625123124df1154b0583908da2 view report violin.pdf 13039522 8        
9.0@1324: block size over 10MB
15.0@2231431: block size over 10MB
11.0@4210111: block size over 10MB
36.0@6201213: block size over 10MB
38.0@7357488: block size over 10MB
34.0@8639245: block size over 10MB
53.0@9783500: block size over 10MB
55.0@11302351: block size over 10MB
b8c9cda6dc4310dae25181e23ba98480 view report 1f3c2e2b7fe942a2e4719e0470caa969d5faf4cc39d8c3f0acb41853590dd53f 12455 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript
5a2d0976fd8814385e95aaa1b9077ec4 view report 238dfe226c97c2e4b5d5c182a152f9e9b445940de21a76d2a70d1ff2979da7a1 12321 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript
3d4013091abdc6578203b38fe6c094ad view report 15ca367b96f1c3575b50e4671ae8763cc179b201fd71e26cf13805e87672789d 127632 3 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.warning: object contains JavaScript
fcd9a0f41d433094af770e24f64b71bf view report df2a1dc1ee9051015373006ef7053aa87439ed8ea1ba3a047b72254024ec289d 1225 1 J      
7.0@781: suspicious.warning: object contains JavaScript
e4d5dfd8a79e8c10ed9c11109dd04579 view report 060b309f709631fa0894abf4a6c6561050552e87964db632c70da222f0a23875 139219 6 J      
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.obfuscation using substr
76.0@706: suspicious.warning: object contains JavaScript