contagio: Technical analysis of CVE-2009-4324 samples by different analysts.

Pages

Home

Mobile and print friendly view |

Thursday, January 14, 2010

Technical analysis of CVE-2009-4324 samples by different analysts.

Please see technical analysis of some of the samples kindly offered by different analysts.

Analysis of Jan 7 US-J-India_strategic_dialogue sample
Us-J-India_strategic_dialogue.pdf --- MD5 12aab3743c6726452eb0a91d8190a473

January 14 CVE-2009-4324 Doc.media.newPlayer (Us-J-India_strategic_dialogue.pdf) by Wh's Behind New
January 14 PDF Babushka by ISC by Bojan Zdrnja and Daniel (Wesemann?) New
January 12, 2010 Adobe CVE-2009-4324 by extraexploit– Another one with AsciiHexDecode waiting for the patch day -- New

========================================
All contagio samples

Analysis by extraexploit (http://extraexploit.blogspot.com)
January 12, 2010 Adobe CVE-2009-4324 – Another one with AsciiHexDecode waiting for the patch day (for Jan 7 US-J-India_strategic_dialogue sample) -- New

December 29, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.6 – from Taiwan govs with low detection
December 19, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.3 - merry christmas
December 18, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.2 - shellcode and site down
December 15, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0.1 - browsing C&Cs
December 15, 2009 Adobe CVE-2009-4324 in the wild - (0day) - part 0

Analysis by Wh's Behind (http://whsbehind.blogspot.com)
January 14 CVE-2009-4324 Doc.media.newPlayer (Us-J-India_strategic_dialogue.pdf) by Wh's Behind New
December 30, 2009 CVE-2009-4324 Doc.media.newPlayer 0-day vulnerability in Adobe Reader/Acrobat v8.0 through 9.2 (new PDF from Taiwan govs) -
December 22, 2009 CVE-2009-4324 Doc.media.newPlayer vulnerability in Adobe Reader/Acrobat v8.0 through 9.2 (DEEP INSIGHT)

Analysis of Interview Outline by kaito (http://d.hatena.ne.jp/kaito834)
December 26, 2009 悪意あるPDF（malicious PDF）に含まれる Exploit コードを pdf-parser.py で確認する

Analysis by demantos (http://malwarelab.tistory.com)
December 22, 2009 Adobe 0-Day
December 16, 2009 New Adobe Reader and Acrobat Vulnerability

CVE-2009-4324 Samples from other sources:
Analysis by Bojan Zdrnja - SANS (http://isc.sans.org/diary.html)

January 4, 2009 Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324

Analysis by VRT (http://vrt-sourcefire.blogspot.com)
December 15, 2009 - Adobe Reader media.newPlayer() Analysis (CVE-2009-4324)

Let me know if I missed any you think need to be added.

Posted by Mila at 11:04 PM Tags: - ADOBE READER + ACROBAT 8.1.7, - ADOBE READER + ACROBAT 9.2, CVE-2009-4324, Vir-Bloodhound.Exploit.288, Vir-Exploit:Win32/Pdfjsc.CO, Vir-Trojan.Pidief.H

No comments:

Post a Comment

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

Shared by

Mila

View my complete profile

About contagio

Contagio is a collection of the historic malware samples, threats, observations, and analyses.

Malware samples are available for download by any responsible whitehat researcher.

By downloading the samples, anyone waives all rights to claim punitive, incidental and consequential damages resulting from mishandling or self--infection

If you see errors, typos, etc, please let me know.

About Contagio Mobile

Contagio mobile mini-dump is a part of contagiodump.blogspot.com.

Twitter LinkedIn

Blog Archive

► 2024 (27)
- ► November (2)
- ► October (3)
- ► September (22)

► 2023 (1)
- ► February (1)

► 2020 (2)
- ► December (1)
- ► April (1)

► 2019 (5)
- ► December (1)
- ► October (3)
- ► June (1)

► 2018 (1)
- ► March (1)

► 2017 (4)
- ► October (1)
- ► March (2)
- ► February (1)

► 2016 (4)
- ► August (2)
- ► March (1)
- ► February (1)

► 2015 (4)
- ► August (1)
- ► May (1)
- ► March (1)
- ► January (1)

► 2014 (5)
- ► November (3)
- ► October (1)
- ► July (1)

► 2013 (16)
- ► November (1)
- ► August (2)
- ► June (1)
- ► May (1)
- ► April (2)
- ► March (3)
- ► February (5)
- ► January (1)

► 2012 (59)
- ► December (15)
- ► November (3)
- ► October (3)
- ► September (3)
- ► August (9)
- ► July (2)
- ► June (5)
- ► May (6)
- ► April (7)
- ► March (3)
- ► February (2)
- ► January (1)

► 2011 (77)
- ► December (1)
- ► November (4)
- ► October (8)
- ► September (7)
- ► August (4)
- ► July (8)
- ► June (13)
- ► May (4)
- ► April (11)
- ► March (8)
- ► February (4)
- ► January (5)

▼ 2010 (191)
- ► December (4)
- ► November (9)
- ► October (4)
- ► September (10)
- ► August (17)
- ► July (19)
- ► June (20)
- ► May (16)
- ► April (22)
- ► March (25)
- ► February (15)
- ▼ January (30)

► 2009 (55)
- ► December (27)
- ► November (14)
- ► October (7)
- ► September (2)
- ► June (1)
- ► May (3)
- ► April (1)

► 2008 (1)
- ► May (1)

Shortcuts

Mobile Malware mini-dump. Take a sample, leave a sample.

Categories - sort of

Search This Blog

Malware Lists and Collections

* Malicious documents archive for signature testing and research
* Mobile Malware Collection
* I want it ALL

Adobe Reader versions vs corresponding exploits (CVE numbered) - Downloads for testing

Microsoft and Adobe Flash patches vs corresponding document and web exploits (non PDF, CVE numbered)

Malware list (don't think i have time to keep it up) --- the the malware list is moving here
Malware list (OLD) -- no new updates

PCAP Collections

Subscribe To

Posts

Posts

Comments

Comments

Powered by Blogger.