Download CVE-2009-4324 files (Password protected archive. Use the same password you used on the samples above or contact me for the password)
Details: Greetings.pdf -2a7b8180da2906c9889f13fa912df6a0
From: test01@humanright-watch.org on behalf of Kate Saunders [kates@ictibet.org]
Sent: Sat 12/26/2009 8:02 AM
To:
Subject Christmas Greetings from H.H. the Dalai Lama
Attachment Greetings.pdf (81 KB)
Dear Friend of Tibet. Sincerely thank you for the support of the Free Tibet Campaign. I extend you Christmas blessings on behalf of the Dalai Lama. Attachment is a letter sent to you from H.H. the Dalai Lama.
Tashi Delek!
Kate Saunders.ICT
1852 Jefferson Place NW
Washington, DC 20036
Tel 1-202-580-6716
Cell:1-202-375-4398
emai1:kates@ictibet.org
www.savetibet.org
Received: from krilwftlv (203186054193.static.ctinets.com [203.186.54.193]
Hostname:203186054193.static.ctinets.com
ISP:City Telecom (H.K.) Ltd.
Organization:FIRST NETWORK COMMUNICATIONS LTD - FAVOR INDUSTRIA
Country:Hong Kong
Central District
203186054193.static.ctinets.com [203.186.54.193]
http://www.robtex.com/dns/203186054193.static.ctinets.com.html#graph
Virustotal
I am not the first
http://www.virustotal.com/analisis/c0925942b5ec95374db4313dd32d2a2a7a267fa00645ae8b6638ab559bf63fee-1262189869
File Greetings.pdf received on 2009.12.30 16:17:49 (UTC)
Result: 5/41 (12.20%)
McAfee-GW-Edition 6.8.5 2009.12.30 Heuristic.BehavesLike.PDF.Suspicious.Z
nProtect 2009.1.8.0 2009.12.30 Exploit.PDF-JS.Gen.C02
PCTools 7.0.3.5 2009.12.30 HeurEngine.MaliciousExploit
Sophos 4.49.0 2009.12.30 Troj/PDFJs-B
Symantec 1.4.4.12 2009.12.30 Bloodhound.Exploit.288
Additional information
File size: 60334 bytes
MD5 : 2a7b8180da2906c9889f13fa912df6a0
Wepawet
http://wepawet.iseclab.org/view.php?hash=2a7b8180da2906c9889f13fa912df6a0&type=js
File Greetings.pdf
MD5 2a7b8180da2906c9889f13fa912df6a0
Analysis Started 2009-12-29 11:57:19
Report Generated 2009-12-29 11:57:34
Jsand 1.03.02 malicious
Exploits
doc.media.newPlayer Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2 CVE-2009-4324
Headers
Received: (qmail 3349 invoked from network); 26 Dec 2009 13:02:45 -0000
Received: from mail.idcsea.com.cn (HELO mail.idcsea.com.cn) (208.77.45.130)
by xxxxxxx
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.idcsea.com.cn (Postfix - by idcsea.net) with ESMTP id 661071B4242
for
X-Virus-Scanned: amavisd-new at idcsea.com.cn
Received: from mail.idcsea.com.cn ([127.0.0.1])
by localhost (mail.idcsea.com.cn [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id VcGK-G7ZMRLh for xxxxxxxx
Sat, 26 Dec 2009 20:58:47 +0800 (CST)
Received: from krilwftlv (203186054193.static.ctinets.com [203.186.54.193])
by mail.idcsea.com.cn (Postfix - by idcsea.net) with ESMTP id 0D3E91B4228
for XXXXXX; Sat, 26 Dec 2009 20:58:43 +0800 (CST)
Reply-To:
Sender: test01@humanright-watch.org
Date: Sat, 26 Dec 2009 21:02:28 +0800
From: "Kate Saunders"
To: xxxxxx
Subject: Christmas Greetings from H.H. the Dalai Lama
Message-ID: <20091226210233152565@humanright-watch.org>
X-mailer: Foxmail 5.0 [cn]
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="=====003_Dragon757361668143_====="
Return-Path: test01@humanright-watch.org
X-OriginalArrivalTime: 26 Dec 2009 13:02:49.0133 (UTC) FILETIME=[B9BC6DD0:01CA862B]
--=====003_Dragon757361668143_=====
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: base64
--=====003_Dragon757361668143_=====
Content-Type: application/octet-stream;
name="Greetings.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="Greetings.pdf"
--=====003_Dragon757361668143_=====--
No comments:
Post a Comment