Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
994c49a4f742832833fdb9e857f2b3c0 ainp003_1.8.6.pdf 131727 25 J
3.0@1192: suspicious.javascript in XFA block
3.0@1192: suspicious.obfuscation toString
3.0@1192: suspicious.obfuscation using substr
3.0@1192: suspicious.obfuscation using String.replace
3.0@1192: suspicious.obfuscation using substring
3.0@1192: suspicious.warning: object contains JavaScript
35.0@118950: suspicious.warning: object contains JavaScript
36.0@119429: suspicious.warning: object contains JavaScript
37.0@119776: suspicious.warning: object contains JavaScript
5ee1be92a717fed7332da1941dcc2560 d310739a9d703bd8b60b33171c8bf0bfbb8245be2b3e3009c69a4abbec880639 32627 10 J
46.0@8303: suspicious.obfuscation toString
46.0@8303: suspicious.obfuscation using String.fromCharCode
46.0@8303: suspicious.warning: object contains JavaScript
707666baa0d3c299e711a6309c0244f4 1c514f171864055b454545b8596c9289556ecac8bf9d7e777c73c59ee3b0bb26 468891 7 J   P
98.0@434160: suspicious.pdf embedded PDF file
98.0@434160: suspicious.warning: object contains embedded PDF
99.0@467616: suspicious.warning: object contains JavaScript
100.0@467719: pdf.exploit execute EXE file
100.0@467719: pdf.exploit access system32 directory
100.0@467719: pdf.exploit execute action command
100.0@467719: pdf.execute exe file
100.0@467719: pdf.execute access system32 directory
27bcb8ecf690080b88e4d4e0a78dd661 df32bc9b75ce010b8dc26f124ba92b6efe2e45cc04a224ffbbe8a4fd2497f16e 7596 49 J
6.0@413: suspicious.obfuscation using unescape
6.0@413: suspicious.obfuscation using substring
6.0@413: pdf.exploit util.printf CVE-2008-2992
6.0@413: suspicious.warning: object contains JavaScript
d891b90e3bc0ad914c9db248c78fcf52 576bfbee41dae970117b39b969c43bd2c08d40ce47eae761f9bb1d05b0cc0b4d 60357 7 J   P
21.0@15110: suspicious.pdf embedded PDF file
21.0@15110: suspicious.warning: object contains embedded PDF
22.0@59277: suspicious.warning: object contains JavaScript
23.0@59381: pdf.exploit execute EXE file
23.0@59381: pdf.exploit access system32 directory
23.0@59381: pdf.exploit execute action command
23.0@59381: pdf.execute exe file
23.0@59381: pdf.execute access system32 directory
6cf818625108d9830607eaa63294aa26 1de63ececa1cf5781f5208b346733b033f8c8c600c1201413502d0a7f09ab03a 427354 4
38.0@407756: suspicious.obfuscation using eval
4a6b34b46bc30ff1492be093a78f07c7 07926d3dab3fad21648be35efa05358d9ee2ab3c76cd239f0b0951077ca5f8b5 109902 3 J
25.0@303: suspicious.javascript object
26.0@350: suspicious.warning: object contains JavaScript
76.0@706: suspicious.warning: object contains JavaScript
d32a6ba8e2ff3c9b2a0dd1671949cba9 4f906aa89cd2e75830a3a6f7e4ee669240860c2de36c00bd997f1a5e5273f85c 46392 7 J   P
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45154: suspicious.warning: object contains JavaScript
10.0@45261: pdf.exploit execute EXE file
10.0@45261: pdf.exploit access system32 directory
10.0@45261: pdf.exploit execute action command
10.0@45261: pdf.execute exe file
10.0@45261: pdf.execute access system32 directory
8229598932c66af1f9daf5ea7f852228 1e228df1a7c22b362e41814ca577f87a4c9891611dfd7426410e52cf28ecb03d 46903 26 J
10.0@1030: pdf.exploit fontfile SING table overflow CVE-2010-2883 A
12.0@41453: suspicious.obfuscation using unescape
12.0@41453: suspicious.obfuscation using substring
12.0@41453: suspicious.string heap spray shellcode
12.0@41453: suspicious.string shellcode
12.0@41453: suspicious.warning: object contains JavaScript
6daf6f6fc824a526f6822f99b1cce1c8 4331866bdf3c96a1c6743f1799d697c5340231e87bab31b25d22ed346a2f50fb 247622 2
0.0@242816: suspicious.obfuscation using eval
0.0@242816: suspicious.obfuscation using String.fromCharCode
-1.-1@242887: suspicious.warning: end of file contains content
9127ecc115fdf3e4c1f644244de4d82a 887b155623e3d956cef9e39ae6ecc07a1e0a8a20c2a4b769d80398b9d6ebc323 457009 4
22.0@349746: suspicious.obfuscation using eval
ecdc8556f1cf2cbe7c6c9c36e98089c6 39111e57c3517e72e54633ec962ffe1d985bd2e7a634bfb8e77ca6c1a91d6cef 247622 2
0.0@242816: suspicious.obfuscation using eval
0.0@242816: suspicious.obfuscation using String.fromCharCode
-1.-1@242887: suspicious.warning: end of file contains content
b22cda29b0844f605f2e6a68c7788003 3eff0c48e42af84bc3e1778862084fc9e51a8a8e6e2ee258bd2160297d9bdb3d 334006 8
23.0@241402: suspicious.obfuscation using eval
25.0@308638: suspicious.obfuscation using eval
23acb2b085afde8f24a18c1b259b72cb e6c36e1e37c78fd83590360bd68fe76dd3396a1b3d8af42d7438fff06d6cb745 334006 8
23.0@241402: suspicious.obfuscation using eval
25.0@308638: suspicious.obfuscation using eval
d33b50da537335df602b0f57c1d68751 c39bd2e48203402060a86f06ff75b41f2a38379f4db797a49ee9b56b546a882a 334006 8
23.0@241402: suspicious.obfuscation using eval
25.0@308638: suspicious.obfuscation using eval