Comments on contagio: May 3 - CVE-2012-0779 World Uyghur Congress Invitation.doc
Blog author: Mila. Feed updated 2024-02-18T03:42:38.869-05:00. 11 comments, newest first.

neezyjp (2012-05-14T13:42:56.217-04:00):
How was the embedded flash found? Since it is an encrypted flash file, how was the shellcode even seen as part of the code? Was it taken out of memory when the flash file was loaded? What flash tools were used to extract the action script code in the pastebin link?

Anonymous (2012-05-14T06:32:12.268-04:00):
Steven K, can you please send the password to 'infotodo@yahoo.co.uk'

Mila (2012-05-10T08:36:29.215-04:00):
http://pastebin.com/fbPRL3ih

Anonymous (2012-05-10T07:44:23.007-04:00):
Hello man, do you have the action script code? Please post it in the blog.

Anonymous (2012-05-08T14:03:58.136-04:00):
Does anyone know how to decrypt the DoSWF encryption of the decompressed swf file? Been looking for a tool, but no luck..

c0d3inj3cT (2012-05-08T11:49:13.438-04:00):
From the RDF MetaData of the decompressed SWF File:

Encrypted by DoSWF
Version:5.0.3
Username:nxianguo1985@163.com.fr
Index:http://www.doswf.com
Author:http://www.laaan.cn

c0d3inj3cT (2012-05-08T05:36:03.315-04:00):
Search for the network pattern "/upload/exp.swf" in Google. It will bring you to a few examples of the compressed SWF files on jsunpack.

One instance: http://jsunpack.jeek.org/?report=48b3c77f602abc635f520eafb4690cc160e3acdd

Even though the malicious site on which this SWF file was hosted is down, you can still download the samples from the jsunpack site.

On a side note, a few of the compressed SWF files are of version 9 and others of version 14.

Steven K (2012-05-08T04:01:17.187-04:00):
Dropped file (I don't have this one) MD5: 6FE1634DCE1D095D6B8A06757B5B6041 // got it, drop me a mail other than gmail, which doesn't allow archive attachments, if you want it ;)
xylitol@malwareint.com

Mila (2012-05-07T09:33:54.115-04:00):
There is, thank you

Zack Huang (2012-05-07T09:02:50.483-04:00):
It seems there's no password to the ZIP?

0x710DDDD (2012-05-07T00:28:02.123-04:00):
Oh, Mila, I just know you're the first to post this 0779
NICE JOB!