Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
19ca2ac9c59fffcd29e681f5f0cc53b8 fc127153a68cfbd6923bc5658bd51e15af647c301720e7fae3918a75e04e74e2:/home/cuckoo/Code/pdf-documents/initial_pdfs/28c28e86928b08f5cf5facca850d3c6db6f16d4f.pdf: 512443 16 J
228.0@491316: suspicious.obfuscation using charCodeAt
228.0@491316: suspicious.obfuscation toString
228.0@491316: suspicious.obfuscation using substr
228.0@491316: suspicious.obfuscation using String.fromCharCode
228.0@491316: suspicious.obfuscation using String.replace
230.0@507276: suspicious.obfuscation using unescape
230.0@507276: suspicious.obfuscation using String.fromCharCode
230.0@507276: suspicious.obfuscation getAnnots access blocks
230.0@507276: suspicious.warning: object contains JavaScript
011c9cc98c76ff4e36b08b93b8731a55 5de13e4dad1321cfd4858e10d1c9ed7cba9c3261bb7d54580b02a2ca694cf51b:/home/cuckoo/Code/pdf-documents/initial_pdfs/8fcbfc449c6950673bae2b9f93abb050eea201f4.pdf: 681002 33 J
321.0@590276: suspicious.obfuscation using unescape
321.0@590276: suspicious.obfuscation using eval
321.0@590276: suspicious.obfuscation toString
321.0@590276: suspicious.obfuscation using substring
321.0@590276: suspicious.obfuscation using app.setTimeOut to eval code
321.0@590276: suspicious.warning: object contains JavaScript
344c1e86cc7cd7f36d0e3458022cabea 68c62371d5ab612a4c28b8712201335c5d5e1f1c8be251471045c6da829d3219:/home/cuckoo/Code/pdf-documents/initial_pdfs/07699b8e6fd14414f459742e1759ec8379b9dd1c.pdf: 637199 42 J
320.0@594971: suspicious.obfuscation using unescape
320.0@594971: suspicious.obfuscation using eval
320.0@594971: suspicious.obfuscation using String.replace
320.0@594971: suspicious.warning: object contains JavaScript
351.0@628689: suspicious.obfuscation using unescape
351.0@628689: suspicious.obfuscation using substring
351.0@628689: suspicious.string Shellcode NOP sled
351.0@628689: pdf.exploit Collab.getIcon CVE-2009-0927
6ce9ea18e93eca01536c6bc660ce4052 479200d3ad1821cd5bf3b8c4aafdd8b57308fc7135a36ef389cb8b2d1e3e4551:/home/cuckoo/Code/pdf-documents/initial_pdfs/c26323cd93ac758fbfbff126d3805e3219c89925.pdf: 801175 33 J
61.0@95533: suspicious.obfuscation using unescape
61.0@95533: suspicious.obfuscation using eval
61.0@95533: suspicious.obfuscation toString
61.0@95533: suspicious.obfuscation using substring
61.0@95533: suspicious.obfuscation using app.setTimeOut to eval code
61.0@95533: suspicious.warning: object contains JavaScript
16ea6e89f3e7e9529ffd0302c41b2754 96d725563c3e427df611f684fc8199f6fbf080464d908c4587aa6effd27ea4e4:/home/cuckoo/Code/pdf-documents/initial_pdfs/8615f2e037e5252a987511b404795047a33d1842.pdf: 786141 42 J
350.0@703502: suspicious.obfuscation using unescape
350.0@703502: suspicious.obfuscation using eval
350.0@703502: suspicious.obfuscation using String.replace
350.0@703502: suspicious.warning: object contains JavaScript
361.0@777425: suspicious.obfuscation using unescape
361.0@777425: suspicious.obfuscation using substring
361.0@777425: suspicious.string Shellcode NOP sled
361.0@777425: pdf.exploit Collab.getIcon CVE-2009-0927
d56686b0426a4fa54a76da0007250d09 d32de5a78a74bc85ff9ea24d02e85ac54a762ce161a0c3d4aa6a68dd7499334d:chapter1.pdf: 269123 7 J   P
37.0@223631: suspicious.pdf embedded PDF file
37.0@223631: suspicious.warning: object contains embedded PDF
38.0@267969: suspicious.warning: object contains JavaScript
39.0@268077: pdf.exploit execute EXE file
39.0@268077: pdf.exploit access system32 directory
39.0@268077: pdf.exploit execute action command
39.0@268077: pdf.execute exe file
39.0@268077: pdf.execute access system32 directory
aa6deef595fe2e69ebd43de64d0bb444 fd64e3d3658b5367b69a8037e043a6ed0806d26825c28892edf07416952ceb51:/home/cuckoo/Code/pdf-documents/initial_pdfs/eb38c62401bd2cadad832c5c547d83fecf312a11.pdf: 1425375 20 J
322.0@1345206: suspicious.obfuscation using unescape
322.0@1345206: suspicious.obfuscation using eval
322.0@1345206: suspicious.obfuscation using String.fromCharCode
322.0@1345206: suspicious.obfuscation using String.replace
322.0@1345206: suspicious.warning: object contains JavaScript
533d2cad390e6607f967c07d65be2270 6b0b156348466efb0f54b0377c7bce73fd23125702d01d73dca266e48a473bc5:/home/cuckoo/Code/pdf-documents/initial_pdfs/377233ff8c59b50c52efec21e45c632f12db5498.pdf: 1416032 18 J
322.0@1314780: suspicious.obfuscation using charCodeAt
322.0@1314780: suspicious.obfuscation using eval
322.0@1314780: suspicious.obfuscation using String.fromCharCode
322.0@1314780: suspicious.obfuscation using String.replace
322.0@1314780: suspicious.warning: object contains JavaScript
dd2de77f60a32a953c6d8ff619ffc8d1 2cc8a37b08c85d349441c43f05e5a8beb72f183781c698d9b54cb7cbffd4d961:/home/cuckoo/Code/pdf-documents/initial_pdfs/e52362a0f32abdce092bb8011ab5eeb221935f95.pdf: 470783 14 J
2.0@110: suspicious.obfuscation using eval
2.0@110: suspicious.obfuscation using String.fromCharCode
2.0@110: suspicious.obfuscation using String.replace
2.0@110: suspicious.warning: object contains JavaScript
16093b05dcc4583e708e85131882e6b5 bd5b9d0ba37fa4643cdc388f9542d2fa63fc3f0381a7ec1b94108130482ad47b:/home/cuckoo/Code/pdf-documents/initial_pdfs/140db885f514082302ec8774d1a7184e42a8aac4.pdf: 686687 33 J
56.0@116128: suspicious.obfuscation using unescape
56.0@116128: suspicious.obfuscation using eval
56.0@116128: suspicious.obfuscation toString
56.0@116128: suspicious.obfuscation using substring
56.0@116128: suspicious.obfuscation using app.setTimeOut to eval code
56.0@116128: suspicious.warning: object contains JavaScript
3c9665bb569805435be1980998b3c528 3dcbf91a9847a3e9deff9eeb8415a08537ac404f3f904b478fc849ee897d2c0a:/home/cuckoo/Code/pdf-documents/initial_pdfs/08e068a70a1aabf0d0081d47e946dfa78b4cf23d.pdf: 505618 31 J
9.0@28057: suspicious.obfuscation using charCodeAt
9.0@28057: suspicious.obfuscation using eval
9.0@28057: suspicious.obfuscation toString
9.0@28057: suspicious.obfuscation using substr
9.0@28057: suspicious.obfuscation using String.fromCharCode
10.0@37372: suspicious.obfuscation using unescape
10.0@37372: suspicious.obfuscation using eval
10.0@37372: suspicious.obfuscation using String.replace
10.0@37372: suspicious.obfuscation getAnnots access blocks
10.0@37372: suspicious.warning: object contains JavaScript
8f8abcb49ea26be6d55c88d711b51ff9 f2b0c50f9dc1de46563959500e91ba44a84dc2342610b903a8ca439feda1af26:/home/cuckoo/Code/pdf-documents/initial_pdfs/c5c17be1209d5899d27217991d6b9e5f52791799.pdf: 721159 33 J
318.0@567065: suspicious.obfuscation using unescape
318.0@567065: suspicious.obfuscation using eval
318.0@567065: suspicious.obfuscation toString
318.0@567065: suspicious.obfuscation using substring
318.0@567065: suspicious.obfuscation using app.setTimeOut to eval code
318.0@567065: suspicious.warning: object contains JavaScript
bb2584b40116d059378ac9419b420e8f 174578b83e2030a85283d2463526297b4a04f96503539716950773e33b6d1dcb:/home/cuckoo/Code/pdf-documents/initial_pdfs/0cdb9c78cf17accfe3b22c1a6517130350bb4854.pdf: 718117 31 J
294.0@590863: suspicious.obfuscation using charCodeAt
294.0@590863: suspicious.obfuscation using eval
294.0@590863: suspicious.obfuscation toString
294.0@590863: suspicious.obfuscation using substr
294.0@590863: suspicious.obfuscation using String.fromCharCode
322.0@633092: suspicious.obfuscation using unescape
322.0@633092: suspicious.obfuscation using eval
322.0@633092: suspicious.obfuscation using String.replace
322.0@633092: suspicious.obfuscation getAnnots access blocks
322.0@633092: suspicious.warning: object contains JavaScript
31cea940b703a340cc7f07943843a0a3 698554c5ae298783dfdc1e3548b5903cad7d9235b56774fad1bb493228ad4724:/home/cuckoo/Code/pdf-documents/initial_pdfs/f37ef8ebb5aa934fdc171c5f61241984caa1ac12.pdf: 470823 14 J
2.0@103: suspicious.obfuscation using eval
2.0@103: suspicious.obfuscation using String.fromCharCode
2.0@103: suspicious.obfuscation using String.replace
2.0@103: suspicious.warning: object contains JavaScript
3b9f73ed9a4efdab92a34e65dc96dca1 19642ea0290aed95f0c6900613c70f42d254e47e6c585d239178f3edeedd9870:/home/cuckoo/Code/pdf-documents/initial_pdfs/2bfc11351ee45fe2241f04269d831927e3f9d512.pdf: 683201 42 J
55.0@114929: suspicious.obfuscation using unescape
55.0@114929: suspicious.obfuscation using eval
55.0@114929: suspicious.obfuscation using String.replace
55.0@114929: suspicious.warning: object contains JavaScript
307.0@675567: suspicious.obfuscation using unescape
307.0@675567: suspicious.obfuscation using substring
307.0@675567: suspicious.string Shellcode NOP sled
307.0@675567: pdf.exploit Collab.getIcon CVE-2009-0927