Wednesday, March 24, 2010

Mar 24 CVE-2008-0081 XLS 2010_ beauty calendar from navy_kidds@yahoo.com.tw

Download 7d5b0b8274e189d406cc3374f994e441 - 2010_.xls as a password-protected archive (please contact me if you need the password)

2010_ beauty calendar

From: bruce Mr. [mailto:navy_kidds@yahoo.com.tw]
Sent: Wednesday, March 24, 2010 4:44 AM
To: XXXXX
Subject: 2010_美女月曆 (2010_ beauty calendar)
Importance: Low

Headers
Received: from [203.188.203.171] by t2.bullet.mail.tp2.yahoo.com with NNFMP; 24 Mar 2010 08:44:02 -0000
Received: from [127.0.0.1] by omp104.mail.tp2.yahoo.com with NNFMP; 24 Mar 2010 08:43:51 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 403351.51908.bm@omp104.mail.tp2.yahoo.com

      
Hostname: omp104.mail.tp2.yahoo.com
ISP: TAIPEI, TAIWAN
Organization: TAIPEI, TAIWAN
Country: Taiwan
State/Region: T'ai-pei
City: Taipei



Virustotal
http://www.virustotal.com/analisis/829b04fe2362b07185694f08d25e91372d95afc9540df9247b58157a46da4c02-1269464469
File 2010_.xls received on 2010.03.24 21:01:09 (UTC)
Result: 12/42 (28.58%)
a-squared    4.5.0.50    2010.03.24    Exploit.MSExcel.Agent!IK
Antiy-AVL    2.0.3.7    2010.03.24    Exploit/MSExcel.Agent
Authentium    5.2.0.5    2010.03.24    MSExcel/Dropper.B!Camelot
Comodo    4372    2010.03.24    UnclassifiedMalware
F-Prot    4.5.1.85    2010.03.24    File is damaged
Fortinet    4.0.14.0    2010.03.24    MSExcel/UDDesc.A!exploit.M20080081
Ikarus    T3.1.1.80.0    2010.03.24    Exploit.MSExcel.Agent
Kaspersky    7.0.0.125    2010.03.24    Exploit.MSExcel.Agent.u
McAfee    5930    2010.03.24    Exploit-MSExcel.h
McAfee+Artemis    5930    2010.03.24    Exploit-MSExcel.h
McAfee-GW-Edition    6.8.5    2010.03.24    Heuristic.BehavesLike.Exploit.OLE2.CodeExec.PGPG
File size: 109184 bytes
MD5...: 7d5b0b8274e189d406cc3374f994e441



Officemalscanner results
 

2 comments:

  1. Mila, the download link is wrong, leads to "CVE-2010-0188 PDF 2010-03-08 cdb5e82e4d07911f9add5cdcf817e9ed.zip".

    And which is the best way to contact you for the password?

  2. I fixed the link, thank you for noticing. See my profile above on the right - there are several ways to contact me.
