
Monday, March 8, 2010

Mar 8 CVE-2010-0188 PDF China to participate in cross-strait relations seminar from spoofed titx@oa.tku.edu.tw

Details _.pdf - cdb5e82e4d07911f9add5cdcf817e9ed


From: 國際事務與戰略研究所 [mailto:titx@oa.tku.edu.tw]
Sent: Monday, March 08, 2010 8:54 PM
To: XXXXX
Subject: 敬邀參加兩岸關系研討會

From: International Affairs and Strategic Studies [mailto:titx@oa.tku.edu.tw]
Sent: Monday, March 08, 2010 8:54 PM
To: XXXXX
Subject: China to participate in cross-strait relations seminar

Header info
Received: from IBM-62979760B13 ([211.75.147.173])
    by msr39.hinet.net (8.9.3/8.9.3) with ESMTP id JAA10998
    for XXXXXXXXXXX Tue, 9 Mar 2010 09:53:32 +0800 (CST)
Reply-To: titx@oa.tku.edu.tw
From: "=?BIG5?B?sOq72qjGsMi7UL7UsqSs46hzqdI=?="

      Hostname:    mx3.imedia.com.tw
      ISP:    CHTD, Chunghwa Telecom Co., Ltd.
      Organization:    Ming Siang Printing Co., Ltd.
      Country:    Taiwan
      State/Region:    T'ai-pei
      City:    Taipei


Virustotal scans
Scan 1
 File _.pdf received on 2010.03.09 16:54:40 (UTC)
http://www.virustotal.com/analisis/be7578591f45418541d1e38b9389b3e35063a1cd61c1db489bac08e944bce258-1268153680
Result: 5/42 (11.90%)
eSafe     7.0.17.0     2010.03.09     PDF.Exploit
McAfee     5914     2010.03.08     Exploit-PDF.q.gen!stream
McAfee+Artemis     5915     2010.03.09     Exploit-PDF.q.gen!stream
Microsoft     1.5502     2010.03.09     Exploit:Win32/Pidief.AY
Additional information
File size: 80199 bytes
MD5   : cdb5e82e4d07911f9add5cdcf817e9ed


Scan 2
http://www.virustotal.com/analisis/be7578591f45418541d1e38b9389b3e35063a1cd61c1db489bac08e944bce258-1269343175

 File _.pdf received on 2010.03.23 11:19:35 (UTC)
Result: 24/42 (57.15%)
a-squared    4.5.0.50    2010.03.23    Exploit.JS.Pdfka!IK
AhnLab-V3    5.0.0.2    2010.03.23    PDF/Cve-2010-0188
AntiVir    8.2.1.196    2010.03.23    EXP/Pidief.bui
Antiy-AVL    2.0.3.7    2010.03.23    Exploit/JS.Pdfka
Authentium    5.2.0.5    2010.03.23    JS/ShellCode.AM
AVG    9.0.0.787    2010.03.23    Exploit_c.DEY
BitDefender    7.2    2010.03.23    Exploit.PDF-EXE.Gen
DrWeb    5.0.1.12222    2010.03.23    Exploit.PDF.758
eSafe    7.0.17.0    2010.03.21    PDF.Exploit
eTrust-Vet    35.2.7383    2010.03.23    PDF/Pidief.PR
F-Secure    9.0.15370.0    2010.03.23    Exploit.PDF-EXE.Gen
GData    19    2010.03.23    Exploit.PDF-EXE.Gen
Ikarus    T3.1.1.80.0    2010.03.23    Exploit.JS.Pdfka
Kaspersky    7.0.0.125    2010.03.23    Exploit.JS.Pdfka.bui
McAfee    5928    2010.03.22    Exploit-PDF.by
McAfee+Artemis    5928    2010.03.22    Exploit-PDF.by
McAfee-GW-Edition    6.8.5    2010.03.23    Exploit.Pidief.bui
Microsoft    1.5605    2010.03.23    Exploit:Win32/Pdfjsc.gen!B
Rising    22.40.01.04    2010.03.23    Hack.Exploit.PDF.aem
Sophos    4.51.0    2010.03.23    Troj/PDFJs-II
Sunbelt    6031    2010.03.22    Exploit.PDF.CVE-2010-0806 (v)  - nope, it is not (M)
Symantec    20091.2.0.41    2010.03.23    Trojan.Pidief.I
TrendMicro    9.120.0.1004    2010.03.23    TROJ_PDFKA.AR
VirusBuster    5.0.27.0    2010.03.22    JS.Crypt.UQBF
Additional information
File size: 80199 bytes
MD5...: cdb5e82e4d07911f9add5cdcf817e9ed


Wepawet
benign
http://wepawet.cs.ucsb.edu/view.php?hash=cdb5e82e4d07911f9add5cdcf817e9ed&type=js


