Download infected attachments (password-protected archive; you will have to contact me for the password)
From: Matthew Gebert [mailto:matthewgebert@yahoo.com]
Sent: Sunday, December 06, 2009 9:57 AM
To: matthewgebert@yahoo.com
Subject: What Can the U.S. Learn from China’s Energy Policy?
The joke among China hands goes like this: If the Americans and the Chinese start talking about a major project today, in two years the Chinese will be done and the Americans will still be talking and applying for permits.
The message sender was matthewgebert@yahoo.com
The message was titled What Can the U.S. Learn from China’s Energy Policy?
The message date was Sun, 6 Dec 2009 06:56:40 -0800 (PST)
The message identifier was <133325.58274.qm@web113916.mail.gq1.yahoo.com>
The virus or unauthorised code identified in the email is:
F-Secure Security Platform version 1.12 build 6412 Copyright (c) 1999-2007 F-Secure Corporation. All Rights Reserved.
Scan started at Sun Dec 6 14:56:44 2009 Database version: 2009-12-05_02
attach/5963824_3X_PM5_EMS_MA-PDF__China=27s=2DEnergy=2DPolicy=2DAnalysis.pdf: Infected: Exploit.SWF.Agent.ci [AVP]
attach/5963824_4X_PM6_EMS_MA-PDF__WhatCantheU.S.LearnfromChina=27sEnergyPolicy.pdf: Infected: Exploit.JS.Pdfka.ajt [AVP]
Scan ended at Sun Dec 6 14:56:45 2009
5 files scanned
2 files infected
Virustotal analysis
1) WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf
http://www.virustotal.com/analisis/fe409720fc23d950a99f419728b062a8a82e43aac45c72b22d84a853ec52fb1d-1260288148
File WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf received on 2009.12.08 16:02:28 (UTC)
Result: 9/41 (21.96%)
AhnLab-V3 5.0.0.2 2009.12.08 PDF/Exploit-JBIG2
Avast 4.8.1351.0 2009.12.08 PDF:CVE-2009-0658
BitDefender 7.2 2009.12.08 Exploit.PDF-JBIG2Decode.Gen
eSafe 7.0.17.0 2009.12.08 PDF exploit CVE-2009-0658
F-Secure 9.0.15370.0 2009.12.07 Exploit.PDF-JBIG2Decode.Gen
GData 19 2009.12.08 PDF:CVE-2009-0658
Kaspersky 7.0.0.125 2009.12.08 Exploit.JS.Pdfka.ajt
McAfee-GW-Edition 6.8.5 2009.12.08 Heuristic.BehavesLike.PDF.Suspicious.Z
Sophos 4.48.0 2009.12.08 Troj/PDFEx-CB
Additional information
File size: 496810 bytes
MD5...: fcff95e5a0736d6e1a861f415b19a4b2
SHA1..: 6751d664d720157d4fcd7dee78f6204e0162d8eb
SHA256: fe409720fc23d950a99f419728b062a8a82e43aac45c72b22d84a853ec52fb1d
ssdeep: 12288:f5o7rl8tOmCQbudFJYp/RLk4Vmp98F/WybTuanmraS:1OdQbCFJYUo28F/JbfndS
Wepawet analysis
File | WhatCantheU.S.LearnfromChina'sEnergyPolicy.pdf |
---|---|
MD5 | fcff95e5a0736d6e1a861f415b19a4b2 |
Analysis Started | 2009-12-08 08:16:22 |
Report Generated | 2009-12-08 08:16:38 |
Jsand version | 1.03.02 |
Detection results
Detector | Result |
---|---|
Jsand 1.03.02 | malicious |
Exploits
Name | Description | Reference |
---|---|---|
JBIG2 Vulnerability | Vulnerability in the processing of JBIG2 streams embedded in PDF files | SA33901 |
=============================================================
2) China's-Energy-Policy-Analysis.pdf
http://www.virustotal.com/analisis/48b65c996aeeccdcf1e5409eeff32a24546e297288aabe64de369f60eb40d4e8-1260288154
Result: 5/40 (12.5%)
BitDefender 7.2 2009.12.08 Trojan.SWF.HeapSpray.B
F-Secure 9.0.15370.0 2009.12.07 Trojan.SWF.HeapSpray.B
GData 19 2009.12.08 Trojan.SWF.HeapSpray.B
Kaspersky 7.0.0.125 2009.12.08 Exploit.SWF.Agent.ci
Sunbelt 3.2.1858.2 2009.12.08 Exploit.PDF-JS.Gen (v)
Additional information
File size: 470008 bytes
MD5...: 7a43c74ef3bbb871e52c015cdd323ffa
SHA1..: 28a2536ee363ceffe0a628bcc71f548710a346c6
SHA256: 48b65c996aeeccdcf1e5409eeff32a24546e297288aabe64de369f60eb40d4e8
ssdeep: 12288:i+eMeJaUEgCoRPIZ8/XH5sVvgCFERySG+5JzZnZLCU31FBzk:i+eJaUELoRAZ4XH15BGKJZb31FBzk
Wepawet analysis
File | China's-Energy-Policy-Analysis.pdf |
---|---|
MD5 | 7a43c74ef3bbb871e52c015cdd323ffa |
Analysis Started | 2009-12-08 08:23:51 |
Report Generated | 2009-12-08 08:24:10 |
Jsand version | 1.03.02 |
Detection results
Detector | Result |
---|---|
Jsand 1.03.02 | benign |