Contagio Exchange - Contagio community malware dump

Monday, December 28, 2009

Dec. 28 CVE-2009-4324 Adobe 0 Day best wishes from delaney955@yahoo.com Mon, 28 Dec 2009 22:28:01 PST

Download CVE-2009-4324 samples. (Password-protected archive. Use the same password you used for the earlier CVE-2009-4324 samples, or contact me for the password.)

Details: best wishes.pdf - 4661f1f3553899edd953e448bcab3078

There are many poorly written "postcard" lures carrying this zero-day, CVE-2009-4324; here is one more, and probably the last one.


From: Delaney Kay [mailto:delaney955@yahoo.com]
Sent: Tuesday, December 29, 2009 1:28 AM
To: delaney955@yahoo.com
Subject: Subject: best wishes

Wishing you and your family a happy and safe holiday seasion and productivein 2010. Keep in turch.

Header
....

Message-ID: <17923.50107.qm@web113713.mail.gq1.yahoo.com>
X-YMail-OSG: Voj83UAVM1lj5wcWDDfxnTXciEB.Tz43m7cn1bmxPR3TomSN1ieJ8sWLZjemEVix0QEzcSZnmMwuuuQiIMI3.eLY1TEWRZ1r87.X5Jg0PUG8h0JXvdhSRfI8IiJqtRgrkw_zPUVEveLx4apk4Ki15C1OktHfhVcrED6cezizsSUg1ew3ZkawfihF_PzxD4edBlTrT7Scw6aVLB41TYgu_e0q.ujIi00g6lUdXMYmETxjVrq7Fy.L5YN8EohXCTjdqA8FqUZe2Em0ycBwS1pYT9mzBZugisg-
Received: from [222.122.12.32] by web113713.mail.gq1.yahoo.com via HTTP; Mon, 28 Dec 2009 22:28:01 PST
X-Mailer: YahooMailRC/240.3 YahooMailWebService/0.8.100.260964
Date: Mon, 28 Dec 2009 22:28:01 -0800 (PST)
From: Delaney Kay
Subject: Subject:   best wishes
To: delaney955@yahoo.com


Hostname: 222.122.12.32
ISP: Korea Telecom
Organization: Korea Telecom
Geo-Location Information
Country: Korea, Republic of
State/Region: 13
City: Bucheon

Virustotal
http://www.virustotal.com/analisis/dbf74b121f875eb136f12216387ccde1f19344aa98c2b266985677e5764a75ac-1262627472
File best_wishes.pdf received on 2010.01.04 17:51:12 (UTC)
Result: 3/41 (7.32%)
BitDefender     7.2     2010.01.04     Exploit.PDF-JS.Gen
F-Secure     9.0.15370.0     2010.01.04     Exploit.PDF-JS.Gen
GData     19     2010.01.04     Exploit.PDF-JS.Gen
Additional information
File size: 9170 bytes
MD5   : 4661f1f3553899edd953e448bcab3078

Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=4661f1f3553899edd953e448bcab3078&type=js

File    best wishes.pdf
MD5    4661f1f3553899edd953e448bcab3078
Analysis Started    2010-01-04 10:11:08
Report Generated    2010-01-04 10:11:23
Jsand 1.03.02    malicious
doc.media.newPlayer    Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2    CVE-2009-4324
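The Wepawet line above pins this lure to the Doc.media.newPlayer use-after-free (CVE-2009-4324), and the 3/41 VirusTotal score shows how little of the file is visible to a plain string match. As an added example, not part of this post and not code from Wepawet or VirusTotal, here is a small Python triage script that (a) checks a file's MD5 against the two hashes listed on this page and (b) inflates FlateDecode streams before looking for JavaScript that names media.newPlayer or uses the "%u" heap-spray idiom. The minimal PDF builder and the sample script it is fed are constructed here for the demonstration; they carry no exploit, only the method name. The report separates hits found in the raw bytes from hits found only after decoding, which is the point: compressed JavaScript is invisible to a grep over the file on disk.

```python
import hashlib
import re
import zlib

# Indicators copied from the post above: the MD5s of the lure PDF and of the
# dropped executable, and the Doc.media.newPlayer method that CVE-2009-4324 abuses.
KNOWN_BAD_MD5 = {
    "4661f1f3553899edd953e448bcab3078": "best wishes.pdf (CVE-2009-4324 lure)",
    "a1a1764e73a294b717e2a4a0d2a57fc0": "zk.exe (second stage fetched by the lure)",
}

# Content heuristics applied to every stream after decoding. The first matches the
# vulnerable method by name; the second is the classic "%u"-encoded heap-spray idiom.
SUSPICIOUS_JS = {
    "CVE-2009-4324 media.newPlayer": re.compile(rb"media\s*\.\s*newPlayer"),
    "heap-spray unescape('%u...')": re.compile(rb"unescape\s*\(\s*['\"]%u", re.I),
}

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")  # skip indirect refs
FLATE_RE = re.compile(rb"/FlateDecode")
JS_KEY_RE = re.compile(rb"/(?:JS|JavaScript)\b")


def iter_streams(pdf_bytes: bytes):
    """Yield (object dictionary, decoded body) for each stream in the file.

    FlateDecode streams are inflated; anything else is returned as-is.
    This is a deliberately small scanner, not a full PDF parser.
    """
    for m in STREAM_RE.finditer(pdf_bytes):
        obj_start = pdf_bytes.rfind(b" obj", 0, m.start())
        obj_dict = pdf_bytes[obj_start:m.start()] if obj_start >= 0 else b""
        body = m.group(1)
        length = LENGTH_RE.search(obj_dict)
        if length:
            # Prefer the declared /Length: binary data could contain the word
            # 'endstream' and cut the textual match short.
            start = m.start(1)
            body = pdf_bytes[start:start + int(length.group(1))]
        if FLATE_RE.search(obj_dict):
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # keep raw bytes; a stream that will not inflate deserves a look anyway
        yield obj_dict, body


def triage_pdf(pdf_bytes: bytes) -> dict:
    """Hash-match against the post's IoCs, then run the JS heuristics over both
    the raw file and the decoded streams so the two views can be compared."""
    md5 = hashlib.md5(pdf_bytes).hexdigest()
    decoded = [body for _, body in iter_streams(pdf_bytes)]
    hits_raw = [n for n, p in SUSPICIOUS_JS.items() if p.search(pdf_bytes)]
    hits_dec = [n for n, p in SUSPICIOUS_JS.items() if any(p.search(b) for b in decoded)]
    hits = sorted(set(hits_raw) | set(hits_dec))
    known = KNOWN_BAD_MD5.get(md5)
    if known:
        verdict = "known-bad"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "no indicators"
    return {
        "md5": md5,
        "known_bad": known,
        "has_javascript": bool(JS_KEY_RE.search(pdf_bytes)),
        "hits": hits,
        "hidden_by_compression": sorted(set(hits_dec) - set(hits_raw)),
        "verdict": verdict,
    }


def build_mock_pdf(js_source: bytes) -> bytes:
    """Constructed minimal PDF whose OpenAction runs a FlateDecode-compressed
    JavaScript stream. It contains no exploit: the script is whatever is passed in."""
    compressed = zlib.compress(js_source)
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /S /JavaScript /JS 4 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(compressed)
        + compressed + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for num, obj in enumerate(objects, 1):
        out += b"%d 0 obj\n" % num + obj + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    # Constructed sample: it only names the vulnerable method, enough for the heuristic.
    sample = build_mock_pdf(b"var p = this.media.newPlayer; app.alert('sample');")
    print(triage_pdf(sample))
```

Run the script on its own to see the constructed sample flagged as "suspicious" with the newPlayer hit listed under "hidden_by_compression", or call triage_pdf() on the bytes of a real sample; a hash match on either MD5 from this post returns "known-bad" regardless of content, which is the cheap check to run first.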

Additional (potential) malware:
http://www.jiandaonet.com/j001/zk.exe

Virustotal analysis of zk.exe - a1a1764e73a294b717e2a4a0d2a57fc0
http://www.virustotal.com/analisis/27b5ba67b0776bf3d4ecd023d2ee6a16fe2f4bef579e100f28424cc6a77356d4-1262666275
File zk.exe received on 2010.01.05 04:37:55 (UTC)
Result: 0/41 (0%)
File size: 151040 bytes
MD5...: a1a1764e73a294b717e2a4a0d2a57fc0
trid..: Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
