Clicky

Pages

Tuesday, June 12, 2012

90 CVE-2012-0158 documents for testing and research.



While working on a project unrelated to Contagio, I collected a number of CVE-2012-0158 exploit documents (mostly RTF) via going through my own collection and what was shared (and publicly sharable) by Contagio readers. This post contains 90 files, mostly APT targeted but I did not analyze all and cannot guarantee that. These are CVE-2012-0158 exploits for files from April-June 2012. Some of them were already posted on Contagio.
The files inside the zip are named by SHA256_original file name.doc. I think I will be using SHA256 now for naming because it is more standard now and  it is much easier to auto generate VT links. The table below shows everything inside the archive with auto generated Virustotal links.
Some of them had Japanese and Chinese names that are now translated in English (with (JP) and (CN) in the name)


  Download all the files listed above (email if you need the password)
- thanks to all for sharing


Older similar collections for testing and research are here Version 4 April 2011 - 11,355+ Malicious documents - archive for signature testing and research


P.S. ok, these are actually cve-2010-3333. I will not remove them but fyi (thanks to xecure-lab.com)
  1. ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8_info.doc
  2. abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f_Criteria.doc
  3. 125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb_Oded - Working.rtf
P.P.S.  and Paul Baccas from Sophos pointed out that these two are not true exploits but RTF delivery for Buzus (thanks).


  1. 12d574de18f6820ba0d8d566152edb32386b86dde9f3ef7d1004c775b3b34dea_IMG_0056.doc
  2. 300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1f_300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1f.rtf

CVE-2012-0158
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." 



FileNameMD5 File DateSHA256VT

info.doc9976e02d259977f61d951f122d284f986/12/2012 7:18ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8https://www.virustotal.com/file/ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8/analysis/1339503145/

Working.rtf3d93144280b3786b3c8ccb56e16589036/12/2012 7:18125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65ebhttps://www.virustotal.com/file/125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb/analysis/1339503145/

Urgent-4.doc834bc3fab010c4204eade63f8cf4d9616/12/2012 7:16724fc02491527aa6c7bd0680d532b12d9e5827d55f3ef29f34afc76675688dbehttps://www.virustotal.com/file/724fc02491527aa6c7bd0680d532b12d9e5827d55f3ef29f34afc76675688dbe/analysis/1339503145/

FAX12-0611.docb702d9ef16515e6afda39886b92f28d76/12/2012 0:595f804599a82620306ae0f23b5e6a474ed117b1d2de23756375cb29d11bd6cb33https://www.virustotal.com/file/5f804599a82620306ae0f23b5e6a474ed117b1d2de23756375cb29d11bd6cb33/analysis/1339503145/

a1.doc3d2e43d2428ae995583b56e6f9dd554b6/11/2012 23:17ef7a4715bde2bd1891f7abbfa6178c6f4f5408710c86d5af3d2f73d7a620df36https://www.virustotal.com/file/ef7a4715bde2bd1891f7abbfa6178c6f4f5408710c86d5af3d2f73d7a620df36/analysis/1339503145/

f-11.06.2012-b.doc50fa7718e6d4c02918ce99934851555d6/11/2012 22:04ae0aadee2ac0bc9d86c6e44d5483a56ce950d3ef55220ef5a1e1daace9a276e9https://www.virustotal.com/file/ae0aadee2ac0bc9d86c6e44d5483a56ce950d3ef55220ef5a1e1daace9a276e9/analysis/1339503145/

Some adjustments for the delivering of SY Special Edition.doc22be659b04fe7c5eb15c59e187eef68f6/11/2012 19:0547a92339fff733f2dad34320e9effc788d1f5e24978d08a66ae5096e44e6595ehttps://www.virustotal.com/file/47a92339fff733f2dad34320e9effc788d1f5e24978d08a66ae5096e44e6595e/analysis/1339503145/

Threat_asessment_of_Pak_missile_test.doc4529dc155b3f068452c4f4b818529aa36/11/2012 7:1318656e3fded4547c5c2c29ae2bb27af7bf8cdef48a1243507a337e32017b27e3https://www.virustotal.com/file/18656e3fded4547c5c2c29ae2bb27af7bf8cdef48a1243507a337e32017b27e3/analysis/1339503145/

IMGcd31be601217c9383539296de3effbc96/11/2012 7:1212d574de18f6820ba0d8d566152edb32386b86dde9f3ef7d1004c775b3b34deahttps://www.virustotal.com/file/12d574de18f6820ba0d8d566152edb32386b86dde9f3ef7d1004c775b3b34dea/analysis/1339503145/

(JP)Heavy rain to prevent Raiders.doc5a6ad516c934dea1a0c7d5106c90fdb36/11/2012 7:12414521118a6904b46c615d8eddbace1b11f41a81fe2c97c3240a628225966a4chttps://www.virustotal.com/file/414521118a6904b46c615d8eddbace1b11f41a81fe2c97c3240a628225966a4c/analysis/1339503145/

schedule2012.doc344583eaf35f23af70de4399b66516926/11/2012 7:1281cd39ab61d6a3349e9159ad38fa9c1e0c4164051bc4b6b641ed87ae73334339https://www.virustotal.com/file/81cd39ab61d6a3349e9159ad38fa9c1e0c4164051bc4b6b641ed87ae73334339/analysis/1339503145/

(JP)A new report on fake parts that flows from China.docb359e8ece407f4c5ecc0ea514115dc1a6/11/2012 7:1190783e18359036fe3ea5bb169fefe63b2dd5541e397dd94ffb7bc0551d8a5ff5https://www.virustotal.com/file/90783e18359036fe3ea5bb169fefe63b2dd5541e397dd94ffb7bc0551d8a5ff5/analysis/1339503145/

the first draft of the finance track paragraphs of the Leaders.doc30478a574a2bef5ad96e8f3c1e615e116/11/2012 7:091d5e19534a7c778d96416a45f14b5a30305d31f6509a6e7cb1f0634a8a5c8ff1https://www.virustotal.com/file/1d5e19534a7c778d96416a45f14b5a30305d31f6509a6e7cb1f0634a8a5c8ff1/analysis/1339503145/

(CN)Oceanic Administration this week, news aggregate.doc2e73de596de1da786e92a0fb88a855146/11/2012 7:09f66eb92b1c451031c35d8ebab021eee28dd1e0d10ac4a3ca974479f2301e33f6https://www.virustotal.com/file/f66eb92b1c451031c35d8ebab021eee28dd1e0d10ac4a3ca974479f2301e33f6/analysis/1339503145/

wordfile.doc106c824f75d633715d99715dace879446/11/2012 7:08bf339ce77e04ef4e610aaca056a7359922fb63d70dd6340a5af90ab1068e2ef8https://www.virustotal.com/file/bf339ce77e04ef4e610aaca056a7359922fb63d70dd6340a5af90ab1068e2ef8/analysis/1339503145/

wordfile.doc5906590ec1d17f026c0b7dd0e9573a076/11/2012 7:08993f6a0cbe65f6c52c30b40ef4d01db1992bd747ff37ced679b7639e473de503https://www.virustotal.com/file/993f6a0cbe65f6c52c30b40ef4d01db1992bd747ff37ced679b7639e473de503/analysis/1339503145/

The Chiefs Revelation11.6.12.docb28c19037bf7ff38902287081ca24b936/11/2012 7:0726a9b4b17c366e797bdaf287a518eb7cd39bd0f261f31595d5386945b10e5bf9https://www.virustotal.com/file/26a9b4b17c366e797bdaf287a518eb7cd39bd0f261f31595d5386945b10e5bf9/analysis/1339503145/

Flame of Truth Schedule.docb3f16415949af5debb614d241955300f6/10/2012 11:03122896c8534ae22ba7b5ae44613a4d40109f3f4537fa70aa01b3388125d8a078https://www.virustotal.com/file/122896c8534ae22ba7b5ae44613a4d40109f3f4537fa70aa01b3388125d8a078/analysis/1339503145/

Event description for June 5th 2012.doc800482d627a7fa7a5b42be8115c971506/10/2012 11:0318a2f27648049d21bfed145a70bf94058b42ac5a44b8d79dc558e493d14772dchttps://www.virustotal.com/file/18a2f27648049d21bfed145a70bf94058b42ac5a44b8d79dc558e493d14772dc/analysis/1339503145/

the Central Tibetan Administration Information.doc26c0385c1f46dad492f4cd2ed88e41806/10/2012 11:032c5bd05c260a902655246571c18293175e956e3ef20bc268acf011cc9162f4dahttps://www.virustotal.com/file/2c5bd05c260a902655246571c18293175e956e3ef20bc268acf011cc9162f4da/analysis/1339503145/

ICT press release, 29 May 2012.doc778fb3152d9448a1d1cb29b6cac24fc36/10/2012 11:03413aa7675bfbbf8471ec899152beadedb129fdb9780b23565b60ade208f68a18https://www.virustotal.com/file/413aa7675bfbbf8471ec899152beadedb129fdb9780b23565b60ade208f68a18/analysis/1339503145/

HHDL's Birthday Celebration.doca917519225a6a0696f77f00a3d0db8e16/10/2012 11:03ae1a091c2ddf77c37db3274f649c53acfd2a0f14780479344d808d089faa809ahttps://www.virustotal.com/file/ae1a091c2ddf77c37db3274f649c53acfd2a0f14780479344d808d089faa809a/analysis/1339503145/

WPCT8b886cd1d0730c24eee95ea2bdd733006/10/2012 11:029bfa3eeba7a8c7b891830c88115998739a23024952fa28448409134466ed9c52https://www.virustotal.com/file/9bfa3eeba7a8c7b891830c88115998739a23024952fa28448409134466ed9c52/analysis/1339503145/

1.docf674a68ca5467f8f1ee4dff4977847d46/9/2012 21:37ffeb001877c0b798834b88b6c4615ab622162dff6f9139fcacc5764a8ffc3e4dhttps://www.virustotal.com/file/ffeb001877c0b798834b88b6c4615ab622162dff6f9139fcacc5764a8ffc3e4d/analysis/1339503145/

noHOPE.rtff471576f9da96f7dd07fb52c1e904b4a6/9/2012 21:37f8bd7b64e0b2907e049c29cc5b1dd87d12b85a0f88c07b6117765bdb672e6410https://www.virustotal.com/file/f8bd7b64e0b2907e049c29cc5b1dd87d12b85a0f88c07b6117765bdb672e6410/analysis/1339503145/

KasperskySave.doc8176784695baa0dad324385ff0f94c1c6/9/2012 21:37ee8c4d9718f6518c2defa3fe699c85e7a85693e4a2c8d6c27721fde7a16fc266https://www.virustotal.com/file/ee8c4d9718f6518c2defa3fe699c85e7a85693e4a2c8d6c27721fde7a16fc266/analysis/1339503145/

DASHAJUGUN.doc9fa053b403439ed0c74fe1bac6de20f26/9/2012 21:37f6f1b014b8fc0979eab958fe28e0e7f4904f7b9a1e2ad95cf1b937707411db0chttps://www.virustotal.com/file/f6f1b014b8fc0979eab958fe28e0e7f4904f7b9a1e2ad95cf1b937707411db0c/analysis/1339503145/

(CN)For man must.docfa8b7e5c180495d650321a4fdec51a4c6/9/2012 21:37c551dad4283e595074ff43544befa98289360d284ea23371936bc9e816dbead3https://www.virustotal.com/file/c551dad4283e595074ff43544befa98289360d284ea23371936bc9e816dbead3/analysis/1339503145/

Chinas military capabilities.rtfbfcabc26b1a88949f10df5df24a3003f6/9/2012 21:37c2ef015b2946bf4bab19bae677b5f1e9687cf48556c7b5e6643a4e46b28ac8cbhttps://www.virustotal.com/file/c2ef015b2946bf4bab19bae677b5f1e9687cf48556c7b5e6643a4e46b28ac8cb/analysis/1339503145/

GLOBAL Security Drill.doc37cde51d1efbf0175a34381edbff373c6/9/2012 21:37c270e9e1487ba79a7aa87794458c2bfa20044aba18f3b01f62dbaaa4d4773676https://www.virustotal.com/file/c270e9e1487ba79a7aa87794458c2bfa20044aba18f3b01f62dbaaa4d4773676/analysis/1339503145/

2KasperskySave.doc0cd358be3fb2a33b00f940355682d9ea6/9/2012 21:37bf37fe974dcf2e4139999d49649b72a310327bfcd8b039e86bd8331486f98cabhttps://www.virustotal.com/file/bf37fe974dcf2e4139999d49649b72a310327bfcd8b039e86bd8331486f98cab/analysis/1339503145/

2DASHAJUGUN.docacbd4d7fedf64a08d8bef638e4ad87a06/9/2012 21:37b901e89ccbc83c15cc4285dd59a8f93e38f697b33f864aed0dfbd6b230c7ba37https://www.virustotal.com/file/b901e89ccbc83c15cc4285dd59a8f93e38f697b33f864aed0dfbd6b230c7ba37/analysis/1339503145/

Military Report Proposed 2012 Raises, DoD Seeks TRICARE Fee Increase, and More.doc252ff688affff8ea3ce54b4ed76dc2976/9/2012 21:36b4ecb7fe15f366d3da578342eceb4bb042a004edea849055ba4022afabe43cefhttps://www.virustotal.com/file/b4ecb7fe15f366d3da578342eceb4bb042a004edea849055ba4022afabe43cef/analysis/1339503145/

NDCP Seminar.docb64dd90797af93862eb8d5f447a0dbbe6/9/2012 21:36b621f8bc9efcfeb1a4cc784bf97929aca565bb6adccf72a78d68324fc7b98fc0https://www.virustotal.com/file/b621f8bc9efcfeb1a4cc784bf97929aca565bb6adccf72a78d68324fc7b98fc0/analysis/1339503145/

3KasperskySave.doc7d09f844ba5bc6e71249e139eaeca0b06/9/2012 21:36b3cdf8b4b0790ace716adfe85832b2b48452a76da2130f622cce0d1c1a799198https://www.virustotal.com/file/b3cdf8b4b0790ace716adfe85832b2b48452a76da2130f622cce0d1c1a799198/analysis/1339503145/

Fax to UNESCO.doc78f8a8e33ec076cd775dfd244aeb59cb6/9/2012 21:36aef19d6dbc817a2e2db92a7475bc343cde924a96227322d83b92d2a63776984ahttps://www.virustotal.com/file/aef19d6dbc817a2e2db92a7475bc343cde924a96227322d83b92d2a63776984a/analysis/1339503145/

70.doc9c19284f782d2d1cc5c99df5eb42b35f6/9/2012 21:36aadc2d721158a11e1ccfbf658fc537ca55d11457138cb857350d3147aa87000bhttps://www.virustotal.com/file/aadc2d721158a11e1ccfbf658fc537ca55d11457138cb857350d3147aa87000b/analysis/1339503145/

tifesers6exe.doc07b21a879ec401f73342d807cd4f62986/9/2012 21:36a1fe61e2e84a7683ab3536934d2bdf27f6eb7c516744c4491f72c1ef3d00babbhttps://www.virustotal.com/file/a1fe61e2e84a7683ab3536934d2bdf27f6eb7c516744c4491f72c1ef3d00babb/analysis/1339503145/

zombie.doc8cff2b676485ae9841d9225c2cf33a9a6/9/2012 21:36a0e7d3195549113d336540b331d120c5d139246979589b84fe846cbebe57cd0bhttps://www.virustotal.com/file/a0e7d3195549113d336540b331d120c5d139246979589b84fe846cbebe57cd0b/analysis/1339503145/

Daily Report.doc6b8cb31177453108e5bc24ed00d49a886/9/2012 21:3695b04ff6c9c0fb67cb3f6e344033fccd99dbec89484fd32e5757b6df408d1f29https://www.virustotal.com/file/95b04ff6c9c0fb67cb3f6e344033fccd99dbec89484fd32e5757b6df408d1f29/analysis/1339503145/

Copy of rtf.docf482e5a32c731269cebc3e5d77605b566/9/2012 21:368fc776fb555310edd5d1deddde805d897bc362e721df1d61dce5764ec92ae3d9https://www.virustotal.com/file/8fc776fb555310edd5d1deddde805d897bc362e721df1d61dce5764ec92ae3d9/analysis/1339503145/

manonled.doc247838e882b8ad751c86f3910619fd856/9/2012 21:3687cc5ddbb9e0bac834f6f605eaaf7d91b32c5caa3eec27f976141e11b4c311echttps://www.virustotal.com/file/87cc5ddbb9e0bac834f6f605eaaf7d91b32c5caa3eec27f976141e11b4c311ec/analysis/1339503145/

rethende9.tmp.doc07728a4176385e625594ebac3d79cab96/9/2012 21:3685dacc49484488d763d35a4eadcb25584f91b6fc65159e9a0009d2721f597be1https://www.virustotal.com/file/85dacc49484488d763d35a4eadcb25584f91b6fc65159e9a0009d2721f597be1/analysis/1339503145/

invitation card.doc8bd20450924ba5d7e119bb82ae46f9a66/9/2012 21:3685b391b49705be8972ed6daed118d13093c98d2ee00b6b3c581605000341b7edhttps://www.virustotal.com/file/85b391b49705be8972ed6daed118d13093c98d2ee00b6b3c581605000341b7ed/analysis/1339503145/

Den cuoi nam 2012 se trien khai he thong E-manifest.doc7f23393ed9f0e70e7234903066c7e9af6/9/2012 21:3683511d4c4134193cd2db2ffac77ef2d8ee142a0219ecf1b687dfb5758318137dhttps://www.virustotal.com/file/83511d4c4134193cd2db2ffac77ef2d8ee142a0219ecf1b687dfb5758318137d/analysis/1339503145/

ttrarncto.sy.doc72c797135a9512e6a716299c6f1099d36/9/2012 21:36823fafef6d2924336fdfd9af45437e625ce66de79f594da864b1d964180dfb10https://www.virustotal.com/file/823fafef6d2924336fdfd9af45437e625ce66de79f594da864b1d964180dfb10/analysis/1339503145/

template.pdf.doc1a934b2d864764c31581b82f264466706/9/2012 21:367f4973adfda8585f0a77973174f4d44716e40947e2e4cde264e9819607e9e37fhttps://www.virustotal.com/file/7f4973adfda8585f0a77973174f4d44716e40947e2e4cde264e9819607e9e37f/analysis/1339503145/

4KasperskySave.docb27108485ac042d54b1711d0f30080e66/9/2012 21:367ff1f836acadb5d9c61ce557c7b52d0fa74309391d3e6694eb6815b6ff90906fhttps://www.virustotal.com/file/7ff1f836acadb5d9c61ce557c7b52d0fa74309391d3e6694eb6815b6ff90906f/analysis/1339503145/

(JP)Medical examination report.doc61be158fb2e20fbf5437e0deec6307aa6/9/2012 21:367eb1defca13801b8afb0674305f4292aa9f2f80f295f8c7ff135d887ad477b64https://www.virustotal.com/file/7eb1defca13801b8afb0674305f4292aa9f2f80f295f8c7ff135d887ad477b64/analysis/1339503145/

thanf0.dl.doc31904ef8865c0c69691e24e3d0489f9b6/9/2012 21:357cc7c9a30c4c1b0354943190f59bf2127e90f26f991011d964532b9b02b8e449https://www.virustotal.com/file/7cc7c9a30c4c1b0354943190f59bf2127e90f26f991011d964532b9b02b8e449/analysis/1339503145/

Conference Notice - JTF Mindanano.doc285e352f660637e91012e8f9517dc4466/9/2012 21:35773d4d4474c7485508dd72cc53a99bb4f92c7cabb280f5ee72333fb6a23eacd4https://www.virustotal.com/file/773d4d4474c7485508dd72cc53a99bb4f92c7cabb280f5ee72333fb6a23eacd4/analysis/1339503145/

MH 40 TE.doc9122869856bf4d796b598ba0a39625076/9/2012 21:3568201a40ebd12cd1206a1b40e8757695d1b70f4774f32f1b1d265e76ae4d63c4https://www.virustotal.com/file/68201a40ebd12cd1206a1b40e8757695d1b70f4774f32f1b1d265e76ae4d63c4/analysis/1339503145/

msf.doc8fc6c367760bd4afeaeddb3bc80d29d16/9/2012 21:356d884992b40fc4465a5f727b85a78ce7276ee22142b716443939f5fe82495b2dhttps://www.virustotal.com/file/6d884992b40fc4465a5f727b85a78ce7276ee22142b716443939f5fe82495b2d/analysis/1339503145/

treyen.ht.doc0cd7a60ef73da4e7dac81a26031e6b556/9/2012 21:355f844795ec244cbaba4c322b9fc3e1aa92f17c002573d3f37d78d9887638e3c2https://www.virustotal.com/file/5f844795ec244cbaba4c322b9fc3e1aa92f17c002573d3f37d78d9887638e3c2/analysis/1339503145/

god.doc470d82818255a7d5497bf2a64b42ba3e6/9/2012 21:3557856e1c8ceb96c12acba7255ec84690ef8ca02125debc44ecb0cb421ead5489https://www.virustotal.com/file/57856e1c8ceb96c12acba7255ec84690ef8ca02125debc44ecb0cb421ead5489/analysis/1339503145/

(JP)Neck to relieve office operation.docc4ff6611344f4da74b7721252b56ee5b6/9/2012 21:3553cc8d14f8db451688fca340058ea711eb6613e77c104815e58277a3a0006bcehttps://www.virustotal.com/file/53cc8d14f8db451688fca340058ea711eb6613e77c104815e58277a3a0006bce/analysis/1339503145/

MCIP Online Collaboration 8 MAY 2012.doc903ce4eb8982b4d5ac3544bfc6b2ade86/9/2012 21:3550b3c9084689cec956fbf776aff69482fa6b3d3128d1b7172508cd359b3b7470https://www.virustotal.com/file/50b3c9084689cec956fbf776aff69482fa6b3d3128d1b7172508cd359b3b7470/analysis/1339503145/

god (2).doc81ad741c9bb55958097bb9d91712479c6/9/2012 21:3552b3e60381f67ad88f16be94d2fcc47cf7fba54fc9b6b5e62d4808984680c736https://www.virustotal.com/file/52b3e60381f67ad88f16be94d2fcc47cf7fba54fc9b6b5e62d4808984680c736/analysis/1339503145/

thenemer3.htm.docf5b4b62883e5cabdc229c73837fa4fae6/9/2012 21:354de48795ce2e11d29d04a6fccaee1d7b4d50d46a149335f8bbeca34c8411c0bchttps://www.virustotal.com/file/4de48795ce2e11d29d04a6fccaee1d7b4d50d46a149335f8bbeca34c8411c0bc/analysis/1339503145/

Doc1.rtf651fbe1f46cd542761a2f82a0bd40a806/9/2012 21:353c20216bab7a1ec7b8eabc81fae72c188eaf38b4640cf838bf2e8716b11d2bfehttps://www.virustotal.com/file/3c20216bab7a1ec7b8eabc81fae72c188eaf38b4640cf838bf2e8716b11d2bfe/analysis/1339503145/

wongs1.doc75d47b09d50cf0bf9632bb62142657bd6/9/2012 21:354722232c8f90d38174baf71697c2c4ecab511629b782f869069cd2b7824080f5https://www.virustotal.com/file/4722232c8f90d38174baf71697c2c4ecab511629b782f869069cd2b7824080f5/analysis/1339503145/

Report- Strategic Road-Building along the India-China border.doc334d2021a08c4bcb7e3bc9ddc02401a76/9/2012 21:34365fa035f29f40112d900007527fedf241859a05228202a5ddc3be2e17596d9dhttps://www.virustotal.com/file/365fa035f29f40112d900007527fedf241859a05228202a5ddc3be2e17596d9d/analysis/1339503145/

12906.doc9218d5c27ffa1c7dabad832154d475ff6/9/2012 21:34295060efe7df9a4253fd6d0fb6cc90007ac2b4a074393c99c486108b241a639chttps://www.virustotal.com/file/295060efe7df9a4253fd6d0fb6cc90007ac2b4a074393c99c486108b241a639c/analysis/1339503145/

WRE-2.doc4139c915143cf5a0af21c233dd54dde76/9/2012 21:340cf8a95e68f7466dfbe81591ad56bddd1b80e3a352091ca92978e62360e5f92bhttps://www.virustotal.com/file/0cf8a95e68f7466dfbe81591ad56bddd1b80e3a352091ca92978e62360e5f92b/analysis/1339503145/

KasperskySave (2).doc967de32481b9d9aa4431c93a243ed8c66/9/2012 21:3409c30d706d84a6b9f496bf8a9c461bc7c783fd79c52a56429a685ca98e80ad1ehttps://www.virustotal.com/file/09c30d706d84a6b9f496bf8a9c461bc7c783fd79c52a56429a685ca98e80ad1e/analysis/1339503145/

msf (2).doce81d75414dc8e16a1177463ee4f7dfdb6/9/2012 21:340a1c0cd1a817cf119a11c0b837725aa59c794bbb6c3922d5a625b632032a3a36https://www.virustotal.com/file/0a1c0cd1a817cf119a11c0b837725aa59c794bbb6c3922d5a625b632032a3a36/analysis/1339503145/

rop.doc9f40eca5481839481d16f38b141b05f46/9/2012 21:3404e008c7b9e4c5c1da9c85076364f23ed8225b5b586b1a165e469478361fc8bchttps://www.virustotal.com/file/04e008c7b9e4c5c1da9c85076364f23ed8225b5b586b1a165e469478361fc8bc/analysis/1339503145/

template.pdf (3).doc86c0e5fd17297187a59fb30a96e901546/9/2012 21:3408ddc5b4e2115328fb437921e8b6f9fa9d9bbd82d13e73a9a8c579394cfc16achttps://www.virustotal.com/file/08ddc5b4e2115328fb437921e8b6f9fa9d9bbd82d13e73a9a8c579394cfc16ac/analysis/1339503145/

template.pdf (2).docf171b701c0584228de707a3bf59b37166/9/2012 21:34006fcfe7c825e834026809a2525219ecd8300dbe50fcdd1377ca9fef6a985842https://www.virustotal.com/file/006fcfe7c825e834026809a2525219ecd8300dbe50fcdd1377ca9fef6a985842/analysis/1339503145/

300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1f.rtf1cebc7396ed233315a60c9c40fa01f606/9/2012 11:04300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1fhttps://www.virustotal.com/file/300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1f/analysis/1339503145/

Draft Minutes of 29th Bureau meeting.doc5a71b6cb2056a8a533dc26582eb55c546/8/2012 7:1470d78fc38e50f34019b8374298e23c8d17eeb32962f69106777c2c31152f530bhttps://www.virustotal.com/file/70d78fc38e50f34019b8374298e23c8d17eeb32962f69106777c2c31152f530b/analysis/1339503145/

payangdj.doc300f9caa59fdc5f448c6f1cda01696385/7/2012 8:41fd265ea40b57e24481a63aede0c1a0dfef45935725ad3cd39cf334ca6d167708https://www.virustotal.com/file/fd265ea40b57e24481a63aede0c1a0dfef45935725ad3cd39cf334ca6d167708/analysis/1339503145/

6TH WPCT Action Plan from Environment Group.doce836e9ee613bbebfe076ce67c589ae3c5/7/2012 8:380cc010ac06ba9376ec6f44fc6a57a0a3920a23d537e02c3a1438c054941127f6https://www.virustotal.com/file/0cc010ac06ba9376ec6f44fc6a57a0a3920a23d537e02c3a1438c054941127f6/analysis/1339503145/

Criteria.doc098fd5532587f7391c7f20e4e16af13d5/7/2012 8:36abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7fhttps://www.virustotal.com/file/abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f/analysis/1339503145/

Soros.doca288578f9fbd16dccd4f5b6f89c03cca5/7/2012 8:31c3e8e587fd0355d71238563a5ec6129ed12a003367f7b798a360bce190264ae5https://www.virustotal.com/file/c3e8e587fd0355d71238563a5ec6129ed12a003367f7b798a360bce190264ae5/analysis/1339503145/

Ottawa Declaration Fails To Support Tibet's People Or Their Just Cause.doc3d5e58f7e164180e5c4b226fb32150705/7/2012 8:292404eb98f564305ae9bf83efa890e54202a771fef040be8082dd880346aacdc5https://www.virustotal.com/file/2404eb98f564305ae9bf83efa890e54202a771fef040be8082dd880346aacdc5/analysis/1339503145/

PanchePetition1.docfe374c495e07ec288e4e4bf8f79b49405/7/2012 8:2764b3d533be1fe5b3bd5e5cd7adaf8e7c55d0a9581708ac61bb2940ff3c0b3875https://www.virustotal.com/file/64b3d533be1fe5b3bd5e5cd7adaf8e7c55d0a9581708ac61bb2940ff3c0b3875/analysis/1339503145/

the data about these tibetans.doc942d7ff293a328f13e78e4036bb5f3275/6/2012 21:31db37bf24b68b193def64a980e5481bc896030fe322373a54479651f2140df11fhttps://www.virustotal.com/file/db37bf24b68b193def64a980e5481bc896030fe322373a54479651f2140df11f/analysis/1339503145/

jm.doceded47e37c3085a3704060a309e2d8234/29/2012 23:25309a4d6018532b245a45ebaad5dbca2911e0adb19201fc618352880985572420https://www.virustotal.com/file/309a4d6018532b245a45ebaad5dbca2911e0adb19201fc618352880985572420/analysis/1339503145/

a (2).doc23615073e04166027e64f03810fdea3f4/19/2012 3:47bdf274ec3c1d5c69fb9219521742ef2358406f0d9521dd4b427d91d2ae6e7a86https://www.virustotal.com/file/bdf274ec3c1d5c69fb9219521742ef2358406f0d9521dd4b427d91d2ae6e7a86/analysis/1339503145/

894b0088e0d05a9012775a0343c37578.doc894b0088e0d05a9012775a0343c375784/19/2012 2:07de6b57732b0bdc5d1b3d098476b019ffdd6e993500fb8d8c54fada47c86a9132https://www.virustotal.com/file/de6b57732b0bdc5d1b3d098476b019ffdd6e993500fb8d8c54fada47c86a9132/analysis/1339503145/

(JP)Democratic Progressive Party in 2012 the overall planning.docb537da43dd9c371fe0589948f36ab6e24/18/2012 23:42e97ca059337a7fdc8abb5e99b42f5fdc65d73c1d1dd7b388ea762a89e60103aehttps://www.virustotal.com/file/e97ca059337a7fdc8abb5e99b42f5fdc65d73c1d1dd7b388ea762a89e60103ae/analysis/1339503145/

(CN)Legislative Yuan in April 101 years.docdf70cd47ef972b89a035a5becb9ee9e04/18/2012 23:32cc1dd9adfa0ca2cad7cdf75abd833dfe430ab324e2313076fe5206b12e8708d2https://www.virustotal.com/file/cc1dd9adfa0ca2cad7cdf75abd833dfe430ab324e2313076fe5206b12e8708d2/analysis/1339503145/

oracle 9i readme.docb15f0cc600698f9eec080443fcba00114/18/2012 21:07213c65729ea3c8a3dd72df85b84760bd668eb5038a3d984e8794cfc3408471bdhttps://www.virustotal.com/file/213c65729ea3c8a3dd72df85b84760bd668eb5038a3d984e8794cfc3408471bd/analysis/1339503145/

1010415(JP)stop.docb6123d8ab10d1c5e5c06b38fd357151b4/18/2012 21:02b70ceeb6278c3ea545b57d72a364fb04a50670b751a79a5c842c116d8f893e62https://www.virustotal.com/file/b70ceeb6278c3ea545b57d72a364fb04a50670b751a79a5c842c116d8f893e62/analysis/1339503145/

Thupten.doc326e7f206cc334c977aecbcf98b3afa44/18/2012 8:5295cdeb1240896949bcd7d598509c87194ab9ee3fb9c04616f45c08d572bb2cb8https://www.virustotal.com/file/95cdeb1240896949bcd7d598509c87194ab9ee3fb9c04616f45c08d572bb2cb8/analysis/1339503145/

(CN)Children's education subsidy 101 new version.doc5149356b16fc21154610eb888d657f254/18/2012 4:52fb3b8265b76eb348c89431e9fe09b00c0310203cf81a5c0a8c028476480c15cdhttps://www.virustotal.com/file/fb3b8265b76eb348c89431e9fe09b00c0310203cf81a5c0a8c028476480c15cd/analysis/1339503145/

incident.doc896862d988a11e660a12ace9a655ef3d4/15/2012 9:15f39733b1f7b466628087e282eb9ef80f071e2b09a6678b4375fa371cfd7dca39https://www.virustotal.com/file/f39733b1f7b466628087e282eb9ef80f071e2b09a6678b4375fa371cfd7dca39/analysis/1339503145/

southchina.doc62938dd8ec0e41ec3017e8a7820368d74/15/2012 9:157f02e9f2c53fd849a49f0b6e4add15c4ccff7659d8a04a79ec2be8787c003235https://www.virustotal.com/file/7f02e9f2c53fd849a49f0b6e4add15c4ccff7659d8a04a79ec2be8787c003235/analysis/1339503145/

kong.docd05e8b7ea5c6ebd3b04cf7f06abb52174/15/2012 2:49dee38ce0b05f69cd0a7af0a9313230331c252cb0066f7c55101779ac3a7b3cbfhttps://www.virustotal.com/file/dee38ce0b05f69cd0a7af0a9313230331c252cb0066f7c55101779ac3a7b3cbf/analysis/1339503145/


5 comments:

  1. Thanks Mila for sharing the samples as always! We quickly dump the 90 samples into our XecScan, 87 are identified as CVE-2012-0158, 3 samples are actually using CVE-2010-3333. ;-)
    http://blog.xecure-lab.com/2012/06/mila-cve-2012-0158.html

    ReplyDelete
    Replies
    1. oops, i rechecked and it is actually
      ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8_info.doc
      abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f_Criteria.doc
      125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb_Oded - Working.rtf
      indeed

      Delete
  2. hey mila your mail adress? i need a pasword e-mail

    ReplyDelete
    Replies
    1. It is in the profile - see profile section on the top right

      Delete
  3. As always Mila, thanks for sharing the samples, and pasted below is link to my analysis of one sample I found to be interesting since it conducted its nefarious activity other the guise of "itunes".

    http://byt0r.blogspot.com/2012/06/quick-notes-wpct-action-plan-from.html

    ReplyDelete