Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
68c62871e00deb5ea40257fb4c8e5a4a view report bd4c4ff771f9e56063ef98dfa91cc3d8fabb917f1fb8effe893dc38791fff487 5991 62 J      
10.0@899: pdf.exploit U3D CVE-2011-2462
10.0@899: pdf.exploit U3D CVE-2011-2462 A
15.0@2006: suspicious.obfuscation using unescape
15.0@2006: suspicious.obfuscation using substr
15.0@2006: suspicious.obfuscation using substring
15.0@2006: suspicious.warning: object contains JavaScript
b6442226ce9951cbb8fb98933cbfd963 view report 9beba76defb37adcab685d8ed7f523e3705251e3b5167ea8a6f0f7293c06a270 6086 49 J      
6.0@427: suspicious.obfuscation using unescape
6.0@427: suspicious.obfuscation using substring
6.0@427: pdf.exploit util.printf CVE-2008-2992
6.0@427: suspicious.warning: object contains JavaScript
bf671e03a05c59e09ea67e8e1d7a1308 view report ea265795fa57c8e7b022dd465a7c3508c5d9e4ca098ed2979e33f06578ad4896 5857 12 J      
13.0@1155: suspicious.javascript in XFA block
13.0@1155: suspicious.obfuscation using substr
13.0@1155: suspicious.warning: object contains JavaScript
13660b5102e264f830ed2bbcc9091078 view report 272b736fa88a41fe8e1659d0ae85a2efbb9c54d06acdb507b5eb7e07fe6d0e9f 1225341 55 J      
21.0@1219826: suspicious.obfuscation using unescape
21.0@1219826: suspicious.string Shellcode NOP sled
21.0@1219826: suspicious.string shellcode
21.0@1219826: suspicious.obfuscation using app.setTimeOut to eval code
21.0@1219826: pdf.exploit Collab.collectEmailInfo CVE-2008-0655
21.0@1219826: suspicious.warning: object contains JavaScript
22d898cb554e5c6c4ebb8ced5193925f view report 2f7677506d5c2f962eb946bf48b01182137bbca523bf54eb795bbfbd00e70aa8 46333 6     P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
10.0@45202: pdf.exploit execute EXE file
10.0@45202: pdf.exploit access system32 directory
10.0@45202: pdf.exploit execute action command
10.0@45202: pdf.execute exe file
10.0@45202: pdf.execute access system32 directory
4eeae804f3d182f0f48301fb081ebf73 view report 51df2b9d76a0883ec5b861d7698383fc66173d5052e769337e77536dc23848bc 46199 6     P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
10.0@45068: pdf.exploit execute EXE file
10.0@45068: pdf.exploit access system32 directory
10.0@45068: pdf.exploit execute action command
10.0@45068: pdf.execute exe file
10.0@45068: pdf.execute access system32 directory
04119b3dfb888f697f06d67aeff7acf8 view report b83b61f468422aa3beaa56aab06de653bea169c1d312f5350e91ae825c016219 59119 6     P  
17.0@13724: suspicious.pdf embedded PDF file
17.0@13724: suspicious.warning: object contains embedded PDF
19.0@58069: pdf.exploit execute EXE file
19.0@58069: pdf.exploit access system32 directory
19.0@58069: pdf.exploit execute action command
19.0@58069: pdf.execute exe file
19.0@58069: pdf.execute access system32 directory
d98be3b74f8589cf180dbcd5f445d3ab view report 105e17c515ba2e6a01803e389101abeb1395d868b6fb5544526300bb97ca3d3b 6161 49 J      
6.0@415: suspicious.obfuscation using unescape
6.0@415: suspicious.obfuscation using substring
6.0@415: pdf.exploit util.printf CVE-2008-2992
6.0@415: suspicious.warning: object contains JavaScript
ee7e6c1a22e84d8a6d2e074aab5d351e view report 4f9ce7ceef6a9c6d1ac02092111fdb2b7c6fe1abe3186e9d815ee08b4b489c10 149485 6 J      
16.0@38813: suspicious.warning: object contains JavaScript
29.0@110958: suspicious.warning: object contains JavaScript
33.0@119631: suspicious.warning: object contains JavaScript
35.0@124076: suspicious.warning: object contains JavaScript
37.0@128501: suspicious.warning: object contains JavaScript
39.0@132936: suspicious.warning: object contains JavaScript
304af1cf6cd77c82a4610aad97fd5334 view report a3b3417f175ac66d38b4198f43a4214366aac24d54097ece0fbf7532c64a3b71 328509 110 J      
195.0@7634: suspicious.warning: object contains JavaScript
196.0@11782: suspicious.warning: object contains JavaScript
197.0@11967: suspicious.obfuscation using eval
197.0@11967: suspicious.obfuscation using substr
197.0@11967: suspicious.warning: object contains JavaScript
198.0@14665: suspicious.warning: object contains JavaScript
199.0@16360: suspicious.obfuscation toString
199.0@16360: suspicious.warning: object contains JavaScript
200.0@18320: suspicious.obfuscation using eval
200.0@18320: suspicious.warning: object contains JavaScript
201.0@19229: suspicious.warning: object contains JavaScript
202.0@22243: suspicious.obfuscation using eval
202.0@22243: suspicious.warning: object contains JavaScript
203.0@22779: suspicious.warning: object contains JavaScript
204.0@23314: suspicious.warning: object contains JavaScript
205.0@24772: suspicious.warning: object contains JavaScript
206.0@25747: suspicious.obfuscation using eval
206.0@25747: suspicious.warning: object contains JavaScript
207.0@28271: suspicious.obfuscation using eval
207.0@28271: suspicious.obfuscation toString
207.0@28271: suspicious.warning: object contains JavaScript
208.0@32254: suspicious.obfuscation toString
208.0@32254: suspicious.warning: object contains JavaScript
209.0@34893: suspicious.warning: object contains JavaScript
210.0@37011: suspicious.warning: object contains JavaScript
211.0@37863: suspicious.obfuscation toString
211.0@37863: suspicious.warning: object contains JavaScript
212.0@39442: suspicious.obfuscation toString
212.0@39442: suspicious.obfuscation using String.replace
212.0@39442: suspicious.warning: object contains JavaScript
213.0@41139: suspicious.obfuscation toString
213.0@41139: suspicious.obfuscation using String.replace
213.0@41139: suspicious.warning: object contains JavaScript
214.0@42637: suspicious.obfuscation toString
214.0@42637: suspicious.warning: object contains JavaScript
215.0@46036: suspicious.obfuscation using String.replace
215.0@46036: suspicious.warning: object contains JavaScript
216.0@47136: suspicious.obfuscation toString
216.0@47136: suspicious.warning: object contains JavaScript
217.0@47573: suspicious.obfuscation toString
217.0@47573: suspicious.obfuscation using substr
217.0@47573: suspicious.warning: object contains JavaScript
218.0@48529: suspicious.obfuscation toString
218.0@48529: suspicious.obfuscation using substr
218.0@48529: suspicious.obfuscation using String.replace
218.0@48529: suspicious.warning: object contains JavaScript
219.0@50956: suspicious.warning: object contains JavaScript
220.0@51702: suspicious.warning: object contains JavaScript
221.0@55560: suspicious.obfuscation using String.fromCharCode
221.0@55560: suspicious.warning: object contains JavaScript
322.0@116818: suspicious.warning: object contains JavaScript
323.0@116922: suspicious.warning: object contains JavaScript
324.0@117019: suspicious.warning: object contains JavaScript
325.0@117116: suspicious.warning: object contains JavaScript
326.0@117213: suspicious.warning: object contains JavaScript
337.0@125278: suspicious.warning: object contains JavaScript
24.0@137780: suspicious.warning: object contains JavaScript
d6b1f92d9fd60c0d07d3a12da27d57d7 view report adobe_pdf_8_9.pdf 2304 90        
1.0@9: pdf.exploit using TIFF overflow CVE-2010-0188
1.0@9: suspicious.string base 64 nop sled used in TIFF overflow CVE-2010-0188
1.0@9: pdf.exploit TIFF overflow CVE-2010-0188
dcc28ea5b24125a3866289fb249adcf0 view report ac0ed798b7eb4a6f727b25d743652e66a67200632c89b0a84a8d4b59f608aad6 32983 10 J      
46.0@8303: suspicious.obfuscation toString
46.0@8303: suspicious.obfuscation using String.fromCharCode
46.0@8303: suspicious.warning: object contains JavaScript
4dea9515c51a0b94bfca653a7ebd2ac8 view report da753149375f9bfc58119ff3d068ed04b616705ee85e3a7341a893c4e566bd26 7995 7 J      
13.0@3895: suspicious.javascript in XFA block
13.0@3895: suspicious.warning: object contains JavaScript
7165499cce4b0f62151ac40e852da1ce view report 2d8c109b809e88ef9b9ab8070355a66a9a41db35000fc8cf52ef8f4c496b0c46 7987 7 J      
13.0@3895: suspicious.javascript in XFA block
13.0@3895: suspicious.warning: object contains JavaScript
3342f5ecc1c357d459bedb545b51bf0d view report e0e2de6d5935cfe02209c5b4102c149a3e0b0a5ecc95ca91b2001a848c67b1a5 247172 2        
0.0@242366: suspicious.obfuscation using eval
0.0@242366: suspicious.obfuscation using String.fromCharCode
-1.-1@242437: suspicious.warning: end of file contains content