Monday, January 25, 2010

Jan 25 CVE-2009-4324 PLS Confirm your biography from

Download cb9da3ce624c66cda70c9ba84b7e0040 biography.pdf as a password-protected archive (please contact me if you need it)

-----Original Message-----
From: Jeffery ask []
Sent: Monday, January 25, 2010 9:55 PM
Subject: PLS Confirm your biography.

Dear Sir / Madam:

Congratulations!You have been  selected successfully for "Century Celebrity Network the most influential 500 people of 20th century "
listed by "Century Celebrity Network".Celebrity World Network is a celebrities and celebrities interactive introduction website, we are committed to creating a world's largest, most complete with celebrity information, forums, news, work, activities and awards ceremony site.
All the world's celebrities and their stories, works, achievements, are the world's wealth, for the world and leave this one than the wealth of future generations is of great significance. Celebrity Categories include: arts entertainment, sports, athletics, political and military, literature, religion, philosophy, business finance, doctors, martial artists, social celebrities, scientists and so on.

We will be so grateful if you could take some time to read your relevant description carefully to ensure the truth and integrity of the 20th century largest and most authoritative database.If there is something wrong,pls feel free to contact me.If you think the text we written is far from the truth and can't satisfy you,we will be appreaciate if you  could send a biography within 500 words by yourself.

Looking forward to your early reply.

Chou Zhi-wen, editor of Century Celebrity

File biography.pdf received on 2010.01.26 03:36:40 (UTC)
Result: 15/41 (36.59%)
AhnLab-V3     2010.01.25     PDF/Exploit
AntiVir     2010.01.25     HTML/Malicious.PDF.Gen
Avast     4.8.1351.0     2010.01.26    JS:Pdfka-VO
AVG     2010.01.25     Script/Exploit
BitDefender     7.2     2010.01.26     Trojan.Script.256073
F-Secure     9.0.15370.0     2010.01.25     Trojan.Script.256073
GData     19     2010.01.26     Trojan.Script.256073
Kaspersky     2010.01.26     Exploit.JS.Pdfka.bex
McAfee     5872     2010.01.25     Exploit-PDF.b.gen
McAfee+Artemis     5872     2010.01.25     Exploit-PDF.b.gen
McAfee-GW-Edition     6.8.5     2010.01.26     Script.Malicious.PDF.Gen
Microsoft     1.5405     2010.01.26     Exploit:Win32/Pdfjsc.DC
PCTools     2010.01.26     HeurEngine.MaliciousExploit
Symantec     20091.2.0.41     2010.01.26     Bloodhound.Exploit.288
Additional information
File size: 435947 bytes
MD5   : cb9da3ce624c66cda70c9ba84b7e0040
SHA1  : 98b177cc4c76232bd3a45cd2b57c52a0916cfbc9


File    biography.pdf
MD5    cb9da3ce624c66cda70c9ba84b7e0040
Analysis Started    2010-01-25 19:36:44
Report Generated    2010-01-25 19:37:45
Jsand 1.03.02    benign

EXECUTABLE SCAN: Embedded Executable (xor/full)
Encrypted embedded executable with a key of 512 bytes.
Exploit method detected as pdfexploit - PDF Exploit call to media.newPlayer CVE-2009-4324.
Confidence ranking: 100 (22 hits). 

 Libraries detected and exploit calls:
Embedded Executable This program must be run under Win32 [This program must be run under Win32]
Embedded Executable LoadLibraryA [LoadLibraryA]
Embedded Executable GetModuleHandleA [GetModuleHandleA]
Embedded Executable GetCommandLineA [GetCommandLineA]
Embedded Executable GetProcAddress [GetProcAddress]
Embedded Executable CreateProcessA [CreateProcessA]
Embedded Executable EnterCriticalSection [EnterCriticalSection]
Embedded Executable CloseHandle [CloseHandle]
Embedded Executable CreateFileA [CreateFileA]
Embedded Executable Advapi32.dll [Advapi32.dll]
Embedded Executable RegOpenKeyExA [RegOpenKeyExA]
Embedded Executable user32.dll [user32.dll]
Execute Shell Command [shell32.dll]
Embedded Executable KERNEL32 [KERNEL32]
Embedded Executable ExitProcess [ExitProcess]
Embedded Executable GetMessageA [GetMessageA]
Javascript obfuscation using unescape [unescape]
PDF Exploit suspicious use of util.printd CVE-2008-2992 [util.printd]
PDF Exploit call to media.newPlayer CVE-2009-4324 [media(.{1,24}?)newPlayer]
