Friday, January 29, 2010

Jan 28 CVE-2009-4324 台美軍售最新情況.pdf The latest U.S. arms sales to Taiwan from shi9927@yahoo.com.tw Jan 28, 2010 10:45 PM

  1. Download 台美軍售最新情況.pdf as 401b4f707b8063b0c4b087c41716746b-The latest U.S. arms sales to Taiwan.zip (password protected, please contact me if you need it)
  2. Download uncompressed (with pdf-parser.py) as 401b4f707b8063b0c4b087c41716746b-The latest U.S. arms sales to Taiwan.txt

Attachment name 
台美軍售最新情況.pdf

----- Original Message -----
From: shi9927@yahoo.com.tw
To: XXXXXXXXXX
Sent: Thursday, January 28, 2010 10:45 PM
Subject: 台美軍售最新情況

___________________________________________________
Your everyday instant messenger - communication, entertainment, life and work, all taken care of in one place!
http://messenger.yahoo.com.tw/

Headers
No header information is available for this post, unfortunately.


Virustotal
http://www.virustotal.com/analisis/36e94022b007648137404500a2c3be69db93ebf64dfbb4986f48316d231b3ed0-1264781712
File ________________________.pdf received on 2010.01.29 16:15:12 (UTC)
Microsoft 1.5406 2010.01.29 Exploit:Win32/Pdfjsc.CW
nProtect 2009.1.8.0 2010.01.29 Exploit.PDF-JS.Gen.C02
Sunbelt 3.2.1858.2 2010.01.29 Exploit.PDF-JS.Gen (v)
Additional information
File size: 62182 bytes
MD5...: 401b4f707b8063b0c4b087c41716746b 

Wepawet
http://wepawet.iseclab.org/view.php?hash=401b4f707b8063b0c4b087c41716746b&type=js
Analysis report for 台美軍售最新情況.pdf
File 台美軍售最新情況.pdf
MD5 401b4f707b8063b0c4b087c41716746b
Analysis Started 2010-01-29 08:15:37
Report Generated 2010-01-29 08:15:38
Jsand 1.03.02 benign 




ViCheck.ca
 https://www.vicheck.ca/md5query.php?hash=401b4f707b8063b0c4b087c41716746b
Encrypted embedded executable with a key of 1024 bytes.
Exploit method detected as pdfexploit - PDF Exploit call to media.newPlayer CVE-2009-4324.


Here is part of the JavaScript (uncompressed with pdf-parser.py)


