Monday, May 10, 2010

May 10 CVE-2009-3129 XLS schedule of the defense industry evaluation from 0922750173@mail.ahccddi.org.tw


Download d4b98bda9c3ae0810a61f95863f4f81e ATT39755.xls and all the files described below as a password-protected archive (contact me if you need the password)


From: ¤u¦X•|³ø [mailto:0922750173@mail.ahccddi.org.tw]
Sent: Monday, May 10, 2010 9:38 AM
To: XXXXXXXXXXX
Subject: Schedule of defense industry evaluations for the second half of ROC year 99 (2010)

Attached is one copy of the schedule of defense industry evaluations for the second half of ROC year 99; please review.
                 Sincerely, Huai Hsiao

Headers
Received: (qmail 314 invoked from network); 10 May 2010 13:54:05 -0000
Received: from mailsnd3.chollian.net (HELO mailsnd3.chol.com) (203.252.1.124)
  by XXXXXXXXXXXXXXXXXXX with SMTP; 10 May 2010 13:54:05 -0000
Received: (qmail 2745 invoked from network); Mon, 10 May 2010 22:53:58 +0900 (KST)
Received: from [202.65.223.202] (202.65.223.202)
  by mailsnd3.chol.com with ESMTP;
 Mon, 10 May 2010 22:53:58 +0900 (KST)
Message-ID: <1975e5623c$23fce32a$0ae1d8b4@0922750173212af2ce2>
From: "?u?X?|??" <0922750173@mail.ahccddi.org.tw>
To: XXXXXXXXXXXXXXXXXX
Subject: =?big5?B?OTmkVaVipn6w6qi+pHW3frX7xbKk6bTBqu0=?=
Date: Mon, 10 May 2010 21:37:50 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0009_01CAF089.0C84DC60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579

202.65.223.202
Hostname:    static-ip-202-223-65-202.rev.dyxnet.com
ISP:    Genesis Net Limited
Organization:    Tsuen Wan
Type:    Broadband
Assignment:    Static IP
Country:    Hong Kong
City:    Central District


File ATT39755.xls received on 2010.06.03 11:27:14 (UTC)
http://www.virustotal.com/analisis/616b561b49258346ead431e34fb1925e2dbc11fb4620083efae92d7ed8e5333c-1275564434
Result: 7/41 (17.08%)
Jiangmin    13.0.900    2010.06.03    Heur:Exploit.CVE-2009-3129
Kaspersky    7.0.0.125    2010.06.03    Trojan-Dropper.MSExcel.Agent.bc
Heuristic.BehavesLike.Exploit.X97.CodeExec.FFLG
PCTools    7.0.3.5    2010.06.03    HeurEngine.MaliciousExploit
Symantec    20101.1.0.89    2010.06.03    Bloodhound.Exploit.306
TrendMicro    9.120.0.1004    2010.06.03    TROJ_EXELDROP.A
TrendMicro-HouseCall    9.120.0.1004    2010.06.03    TROJ_EXELDROP.A
Additional information
File size: 72192 bytes
MD5...: d4b98bda9c3ae0810a61f95863f4f81e


Files created
%Userprofile%\LOCALS~1\Temp\wuauclt.exe
File: wuauclt.exe  Size: 31232  MD5: D037500368207625E3FFEE16C50D60A7
%Userprofile%\LOCALS~1\Temp\ATT39755.xls
File: ATT39755.xls  Size: 13824  MD5: 75B495C8324C4DCF5A0B2CFCACC47971  (clean XLS file)

http://www.virustotal.com/reanalisis.html?1a15e1c3220e8d1800bb7b186e9d47f63aefd669cd0f1569a79982498d5d9ba6-1275579814
File wuauclt.exe received on 2010.06.02 00:43:59 (UTC)
Result: 4/41 (9.76%)
Microsoft 1.5802 2010.06.02 Backdoor:Win32/Ixeshe.A
Norman 6.04.12 2010.06.01 W32/Malware
TrendMicro 9.120.0.1004 2010.06.01 BKDR_IXESHE.SM
TrendMicro-HouseCall 9.120.0.1004 2010.06.02 BKDR_IXESHE.SM
Additional information
File size: 31232 bytes
MD5   : d037500368207625e3ffee16c50d60a7



TCP traffic to 211.78.147.220

Hostname:    ll-211-78-147-220.ll.sparqnet.net
ISP:    New Centry InfoComm Tech. Co., Ltd.
Organization:    Lill Guan Industry co., LTD
Type:    Broadband
Assignment:    Static IP
Country:    Taiwan
City:    Taichung

