Malware Tracker [static + dynamic analysis]

PDFExaminer


Recent PDF malware detections. This list is delayed 2 weeks.

MD5  filename  size  severity  js  flash  embed  encrypt
d366cf65f8889cb1b74e5988725f2acf 5088.pdf 723004 9 J
53.0@69667: suspicious.warning: object contains JavaScript
54.0@69746: suspicious.warning: object contains JavaScript
55.0@69828: suspicious.warning: object contains JavaScript
56.0@69911: suspicious.warning: object contains JavaScript
57.0@69994: suspicious.warning: object contains JavaScript
58.0@70077: suspicious.warning: object contains JavaScript
59.0@70160: suspicious.warning: object contains JavaScript
95.0@293686: suspicious.warning: object contains JavaScript
99.0@294613: suspicious.warning: object contains JavaScript
ef7938bab4ef02e1fdf5ceaa95993073 CPBEX-V32Rr.pdf 586618 1
3.0@15: block size over 10MB
f31b756b6fe7efc18951985102eb7dd9 maliciouspdf.pdf 7066 49 J
6.0@437: suspicious.obfuscation using unescape
6.0@437: suspicious.obfuscation using substring
6.0@437: pdf.exploit util.printf CVE-2008-2992
6.0@437: suspicious.warning: object contains JavaScript
56f6e29d893aef5810380520bd74ce1d CVE-2018-4990.pdf 27964 17 J
1.0@19: suspicious.obfuscation toString
1.0@19: suspicious.obfuscation using app.setTimeOut to eval code
1.0@19: suspicious.warning: object contains JavaScript
23.0@9614: pdf.exploit Corrupted JPEG2000 CVE-2018-4990
b04197a362ebb27b5b5907406e6f9176 CRA01 - Confirmation of Residential or Business Address for Online Completion - External Form.pdf 324401 25 J
65.0@30227: suspicious.javascript in XFA block
65.0@30227: suspicious.obfuscation toString
65.0@30227: suspicious.obfuscation using substr
65.0@30227: suspicious.obfuscation using String.replace
65.0@30227: suspicious.obfuscation using substring
65.0@30227: suspicious.warning: object contains JavaScript
187.0@177390: suspicious.warning: object contains JavaScript
188.0@177883: suspicious.warning: object contains JavaScript
189.0@178231: suspicious.warning: object contains JavaScript
bdb38a42852935fd7f587b905eed8f08 malware.pdf 46177 7 J   P
8.0@798: suspicious.pdf embedded PDF file
8.0@798: suspicious.warning: object contains embedded PDF
9.0@44939: suspicious.warning: object contains JavaScript
10.0@45046: pdf.exploit execute EXE file
10.0@45046: pdf.exploit access system32 directory
10.0@45046: pdf.exploit execute action command
10.0@45046: pdf.execute exe file
10.0@45046: pdf.execute access system32 directory
703339ae1b7991db802916e80dde7c15 xia2017.pdf 1802240 6
96.0@132673: block size over 10MB
98.0@536631: block size over 10MB
117.0@567945: block size over 10MB
119.0@1218694: block size over 10MB
142.0@1684670: block size over 10MB
143.0@1705593: block size over 10MB
d296b057f61748121fc6986ddef32982 WWW-preprint.pdf 1156448 7
68.0@38641: suspicious.obfuscation using eval
83.0@75264: suspicious.obfuscation using eval
a4cb46bf5afe72acae31bde3e36f8ce6 5-6-2019.pdf 61459 1
3.0@9: suspicious.embedded external content
1503429e0d29a7d755a008f90268afa7 SNOC TEST.pdf 6210 49 J
6.0@409: suspicious.obfuscation using unescape
6.0@409: suspicious.obfuscation using substring
6.0@409: pdf.exploit util.printf CVE-2008-2992
6.0@409: suspicious.warning: object contains JavaScript
97ccac199b8893380e14b0583596abb6 whatami 14781 7 J
43.0@11907: suspicious.obfuscation using substr
43.0@11907: suspicious.javascript in XFA block
43.0@11907: suspicious.warning: object contains JavaScript
fe042b2ba7354e14a6abe641c6fa44dc MALWARE-desc_4357_VA.pdf 169009 1
4.0@163540: suspicious.embedded external content