Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5 filename size severity js flash embed encrypt
c37ae9efc4eefcf1fe9cefa69a9e51f4 view report infected.pdf 6771 49 J      
6.0@425: suspicious.obfuscation using unescape
6.0@425: suspicious.obfuscation using substring
6.0@425: pdf.exploit util.printf CVE-2008-2992
6.0@425: suspicious.warning: object contains JavaScript
7a38d014798894c269d77bbc22a679d3 view report 1064d4ff29318a8a4f078f74a7e30b07c21b6f1f8e6b9811b3ffd243df73dfa2:newstart.pdf: 81842 12 J      
65.0@68114: suspicious.warning: object contains JavaScript
65.0@68248: suspicious.warning: object contains JavaScript
66.0@68400: suspicious.warning: object contains JavaScript
66.0@68552: suspicious.warning: object contains JavaScript
67.0@79300: suspicious.warning: object contains JavaScript
67.0@79452: suspicious.obfuscation using eval
67.0@79452: suspicious.obfuscation using String.replace
67.0@79452: suspicious.warning: object contains JavaScript
c199e3e1b788d0b342fdefc87ad21863 view report 1c9042bf6023413a0c5dba2c117fbb3edaebecc2473fb4df4eaed4132d180dee:stucky.pdf: 46228 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@44990: suspicious.warning: object contains JavaScript
10.0@45097: pdf.exploit execute EXE file
10.0@45097: pdf.exploit access system32 directory
10.0@45097: pdf.exploit execute action command
10.0@45097: pdf.execute exe file
10.0@45097: pdf.execute access system32 directory
439569b0a9888bc6268f7f6c744b9fe2 view report 4d0bc577e209fad4160b6d4f22c530fe897ad75641bdb6aa7a6aa90bb2819538:ukconfirmation-ph20834.pdf: 1242 1 J      
7.0@781: suspicious.warning: object contains JavaScript
791e2041fa7a7474d318cbe929edfbb2 view report 8ac65b32d27a59ba3a8cdc700382056b27dac414709d9b42bc6d01296eba7017:791e2041fa7a7474d318cbe929edfbb2.virus: 71673 27 J      
9.0@11329: suspicious.embedded doc file
13.0@16952: suspicious.embedded xls file
17.0@67322: suspicious.embedded doc file
22.0@67738: suspicious.warning: object contains JavaScript
23.0@67821: suspicious.warning: object contains JavaScript
24.0@68675: suspicious.javascript object
25.0@68719: suspicious.warning: object contains JavaScript
26.0@68790: suspicious.warning: object contains JavaScript
27.0@68871: suspicious.warning: object contains JavaScript
28.0@68928: suspicious.warning: object contains JavaScript
29.0@69022: suspicious.warning: object contains JavaScript
30.0@69106: suspicious.obfuscation using unescape
30.0@69106: suspicious.obfuscation using substring
30.0@69106: suspicious.warning: object contains JavaScript
31.0@69511: suspicious.javascript object
32.0@69555: suspicious.warning: object contains JavaScript
39.0@70403: suspicious.warning: object contains JavaScript
ec1a92d08f7f809502a4cfaed709c772 view report 039b0889b6fee0c65924a4177b982ea842244802478ad697ea3448c3bb839705:do not open --- WIRING INSTRUCTIONS --- do not open.pdf: 1247 1 J      
7.0@781: suspicious.warning: object contains JavaScript
e94b1fe60faff0fa9ffc245e30077553 view report b6f692383606e60b891b18da59f30f4f89c708e5c025d69f3e12c0d097652a30:UChannel_COBRA_ASA.pdf: 449743 13 J      
275.0@425888: suspicious.warning: object contains JavaScript
276.0@426234: suspicious.javascript object
277.0@426279: suspicious.warning: object contains JavaScript
278.0@426988: suspicious.javascript object
279.0@427033: suspicious.warning: object contains JavaScript
280.0@427523: suspicious.javascript object
285.0@428693: suspicious.javascript in XFA block
285.0@428693: suspicious.warning: object contains JavaScript
540b1d242fb5ebcab8a144d7b2d5b946 view report 94a13053f86820d5b850d006076a4c26cd8bf0946b27b4c0c66ffcb030db57b4:Business_Application_-_DIPPIN_DONUTS.pdf: 950083 13 J      
270.0@913757: suspicious.warning: object contains JavaScript
271.0@914103: suspicious.javascript object
272.0@914148: suspicious.warning: object contains JavaScript
273.0@914857: suspicious.javascript object
274.0@914902: suspicious.warning: object contains JavaScript
275.0@915392: suspicious.javascript object
280.0@916634: suspicious.javascript in XFA block
280.0@916634: suspicious.warning: object contains JavaScript
f79865d4047e3f514ed49812b50fc24c view report 9e52ace7ccf6a5a841f071d8d280fae366ab5e687f3f320c9a88b5f66781af71:evil.pdf: 46479 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45241: suspicious.warning: object contains JavaScript
10.0@45348: pdf.exploit execute EXE file
10.0@45348: pdf.exploit access system32 directory
10.0@45348: pdf.exploit execute action command
10.0@45348: pdf.execute exe file
10.0@45348: pdf.execute access system32 directory
6b12ac8d67ed83c69f8439ecb404cfdb view report 2b2c50a51a98ecde32fddd9a9ec6d6afb921ee0d96931ecb52e9b1dcc4ecde6f:evil.pdf: 46242 7 J   P  
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@45070: suspicious.warning: object contains JavaScript
10.0@45177: pdf.exploit execute EXE file
10.0@45177: pdf.exploit access system32 directory
10.0@45177: pdf.exploit execute action command
10.0@45177: pdf.execute exe file
10.0@45177: pdf.execute access system32 directory
b8c9da515eba667aadb7fea1eab8364d view report a8fc95e285a37c4c1ea3eaea5d86538b3e984d361fdc9cba9919e117d361076a:Par-loan.pdf: 53509 16 J      
36.0@51520: suspicious.obfuscation using unescape
36.0@51520: suspicious.warning: object contains JavaScript
911264c54646329a5c3f0dd17dc3e22c view report 39583b13a7a3f662da8fc8c3b642fca27b9bea011327a0836ee621686d42c97f:G060100040.pdf: 274039 157 J      
715.0@15832: suspicious.obfuscation using charCodeAt
715.0@15832: suspicious.obfuscation using eval
715.0@15832: suspicious.javascript object
715.0@15832: suspicious.warning: object contains JavaScript
716.0@18296: suspicious.javascript object
717.0@18342: suspicious.javascript object
718.0@18388: suspicious.javascript object
719.0@18434: suspicious.javascript object
720.0@18480: suspicious.javascript object
721.0@18526: suspicious.warning: object contains JavaScript
722.0@18756: suspicious.obfuscation using eval
722.0@18756: suspicious.warning: object contains JavaScript
723.0@19021: suspicious.warning: object contains JavaScript
724.0@19299: suspicious.obfuscation using substring
724.0@19299: suspicious.warning: object contains JavaScript
725.0@19562: suspicious.warning: object contains JavaScript
726.0@19826: suspicious.obfuscation using eval
726.0@19826: suspicious.obfuscation toString
726.0@19826: suspicious.obfuscation using substring
726.0@19826: suspicious.warning: object contains JavaScript
727.0@20691: suspicious.warning: object contains JavaScript
728.0@21098: suspicious.obfuscation using eval
728.0@21098: suspicious.warning: object contains JavaScript
729.0@21416: suspicious.warning: object contains JavaScript
730.0@21789: suspicious.warning: object contains JavaScript
731.0@22228: suspicious.warning: object contains JavaScript
732.0@22474: suspicious.obfuscation using eval
732.0@22474: suspicious.obfuscation using substring
732.0@22474: suspicious.warning: object contains JavaScript
733.0@22907: suspicious.warning: object contains JavaScript
734.0@23282: suspicious.warning: object contains JavaScript
735.0@23862: suspicious.warning: object contains JavaScript
736.0@24081: suspicious.obfuscation using eval
736.0@24081: suspicious.obfuscation using substring
736.0@24081: suspicious.warning: object contains JavaScript
737.0@24364: suspicious.obfuscation using eval
737.0@24364: suspicious.obfuscation using substring
737.0@24364: suspicious.warning: object contains JavaScript
738.0@24634: suspicious.warning: object contains JavaScript
739.0@25048: suspicious.obfuscation getAnnots access blocks
739.0@25048: suspicious.warning: object contains JavaScript
842.0@122231: suspicious.warning: object contains JavaScript
843.0@122328: suspicious.warning: object contains JavaScript
844.0@122435: suspicious.warning: object contains JavaScript
845.0@122532: suspicious.warning: object contains JavaScript
846.0@122639: suspicious.warning: object contains JavaScript
847.0@122736: suspicious.warning: object contains JavaScript
848.0@122843: suspicious.warning: object contains JavaScript
849.0@122940: suspicious.warning: object contains JavaScript
850.0@123047: suspicious.warning: object contains JavaScript
851.0@123144: suspicious.warning: object contains JavaScript
852.0@123251: suspicious.warning: object contains JavaScript
853.0@123348: suspicious.warning: object contains JavaScript
854.0@123455: suspicious.warning: object contains JavaScript
855.0@123552: suspicious.warning: object contains JavaScript
856.0@123659: suspicious.warning: object contains JavaScript
857.0@123756: suspicious.warning: object contains JavaScript
858.0@123863: suspicious.warning: object contains JavaScript
859.0@123960: suspicious.warning: object contains JavaScript
860.0@124067: suspicious.warning: object contains JavaScript
861.0@124164: suspicious.warning: object contains JavaScript
862.0@124271: suspicious.warning: object contains JavaScript
863.0@124368: suspicious.warning: object contains JavaScript
864.0@124475: suspicious.warning: object contains JavaScript
865.0@124572: suspicious.warning: object contains JavaScript
866.0@124679: suspicious.warning: object contains JavaScript
867.0@124776: suspicious.warning: object contains JavaScript
868.0@124883: suspicious.warning: object contains JavaScript
869.0@124980: suspicious.warning: object contains JavaScript
870.0@125087: suspicious.warning: object contains JavaScript
871.0@125184: suspicious.warning: object contains JavaScript
872.0@125291: suspicious.warning: object contains JavaScript
873.0@125388: suspicious.warning: object contains JavaScript
874.0@125495: suspicious.warning: object contains JavaScript
875.0@125592: suspicious.warning: object contains JavaScript
876.0@125699: suspicious.warning: object contains JavaScript
877.0@125796: suspicious.warning: object contains JavaScript
878.0@125903: suspicious.warning: object contains JavaScript
879.0@126000: suspicious.warning: object contains JavaScript
880.0@126107: suspicious.warning: object contains JavaScript
881.0@126204: suspicious.warning: object contains JavaScript
882.0@126311: suspicious.warning: object contains JavaScript
883.0@126408: suspicious.warning: object contains JavaScript
884.0@126515: suspicious.warning: object contains JavaScript
885.0@126612: suspicious.warning: object contains JavaScript
886.0@126719: suspicious.warning: object contains JavaScript
887.0@126816: suspicious.warning: object contains JavaScript
888.0@126923: suspicious.warning: object contains JavaScript
889.0@127020: suspicious.warning: object contains JavaScript
890.0@127127: suspicious.warning: object contains JavaScript
891.0@127224: suspicious.warning: object contains JavaScript
892.0@127331: suspicious.warning: object contains JavaScript
893.0@127428: suspicious.warning: object contains JavaScript
894.0@127535: suspicious.warning: object contains JavaScript
895.0@127632: suspicious.warning: object contains JavaScript
896.0@127739: suspicious.warning: object contains JavaScript
897.0@127836: suspicious.warning: object contains JavaScript
898.0@127943: suspicious.warning: object contains JavaScript
899.0@128040: suspicious.warning: object contains JavaScript
900.0@128147: suspicious.warning: object contains JavaScript
901.0@128244: suspicious.warning: object contains JavaScript
903.0@128405: suspicious.warning: object contains JavaScript
904.0@128502: suspicious.warning: object contains JavaScript
42.0@259270: suspicious.warning: object contains JavaScript
43.0@259342: suspicious.warning: object contains JavaScript
f95dd700310b398e27e31325809d9a8d view report Mr cropper F bill.pdf 235613 1        
22.0@6226: block size over 10MB
72ec137df1fbc1bfdabcee1ce04c9196 view report e95e70538443a318f2630a895cb4bd785e9af23ce130ce2a74ecc441479fcbb0:Maklerdienst_-_Maklerprofil.pdf: 1366503 18 J      
2618.0@8229: suspicious.javascript object
2619.0@8276: suspicious.javascript object
2620.0@8323: suspicious.javascript object
2621.0@8370: suspicious.warning: object contains JavaScript
2622.0@8861: suspicious.warning: object contains JavaScript
2623.0@9208: suspicious.warning: object contains JavaScript
1235.0@1101021: suspicious.javascript in XFA block
1235.0@1101021: suspicious.obfuscation toString
1235.0@1101021: suspicious.warning: object contains JavaScript
9c3f9a027d66d88cf8b17b2c3b67fd7a view report 34800085619791fb29f2858a7a1892dbad570155706ace1bb91251a4a7784b5c:HACK.pdf: 77468 7 J   P  
105.0@31955: suspicious.pdf embedded PDF file
105.0@31955: suspicious.warning: object contains embedded PDF
106.0@76175: suspicious.warning: object contains JavaScript
107.0@76279: pdf.exploit execute EXE file
107.0@76279: pdf.exploit access system32 directory
107.0@76279: pdf.exploit execute action command
107.0@76279: pdf.execute exe file
107.0@76279: pdf.execute access system32 directory