Tuesday, December 15, 2009

Adobe zero day quick analysis by Extraexploit

UPDATE: more technical details from Extraexploit: http://extraexploit.blogspot.com/2009/12/adobe-cve-2009-4324-in-wild.html


As this updated post of December 11, 2009 shows, a new Adobe zero-day vulnerability is currently in the wild. If you are a malware analyst, grab your copy from that post and contact me for the password of the infected PDF archive.

Extraexploit analyzed his sample and reports that it drops ab.exe (download it from his blog or here and email for the password). Apparently, ab.exe generates traffic to 124.217.238.101.

Virustotal analysis of ab.exe 686738eb5bb8027c524303751117e8a9
File ab.exe received on 2009.12.15 12:38:33 (UTC)
Result: 8/40 (20%)
Antivirus Version Last Update Result
AntiVir 7.9.1.108 2009.12.15 TR/Drop.Agent.DT
Avast 4.8.1351.0 2009.12.15 Win32:Rootkit-DC
GData 19 2009.12.15 Win32:Rootkit-DC
McAfee+Artemis 5832 2009.12.14 Artemis!686738EB5BB8
Panda 10.0.2.2 2009.12.14 Suspicious file
PCTools 7.0.3.5 2009.12.15 Trojan.Dropper
Sophos 4.48.0 2009.12.15 Mal/Behav-027
Symantec 1.4.4.12 2009.12.15 Trojan.Dropper
Additional information
File size: 386016 bytes
MD5...: 686738eb5bb8027c524303751117e8a9
SHA1..: ad2ebe58b0ae2322b3ca6590f617c5a8ecc7b411
SHA256: d6afb2a2e7f2afe6ca150c1fade0ea87d9b18a8e77edd7784986df55a93db985
ssdeep: 6144:53Gcbn2gnsuwtasAlbkdIiXb8K/hYcZVnHIbNwJBBp5:JbwtasAV+xffZ5X

Threatexpert report on 686738eb5bb8027c524303751117e8a9

Sunbelt analysis of 686738eb5bb8027c524303751117e8a9
