Download CVE-2009-4324 samples. (Password protected archive. Use the same password you used on the CVE-2009-4324 samples or contact me for the password)
Details: best wishes.pdf - 4661f1f3553899edd953e448bcab3078
There are many poorly written postcards for this zero day CVE-2009-4324; here is one more, and probably the last one.
From: Delaney Kay [mailto:delaney955@yahoo.com]
Sent: Tuesday, December 29, 2009 1:28 AM
To: delaney955@yahoo.com
Subject: Subject: best wishes
Wishing you and your family a happy and safe
holiday seasion and productivein 2010. Keep in turch.
Header
....
Message-ID: <17923.50107.qm@web113713.mail.gq1.yahoo.com>
X-YMail-OSG: Voj83UAVM1lj5wcWDDfxnTXciEB.Tz43m7cn1bmxPR3TomSN1ieJ8sWLZjemEVix0QEzcSZnmMwuuuQiIMI3.eLY1TEWRZ1r87.X5Jg0PUG8h0JXvdhSRfI8IiJqtRgrkw_zPUVEveLx4apk4Ki15C1OktHfhVcrED6cezizsSUg1ew3ZkawfihF_PzxD4edBlTrT7Scw6aVLB41TYgu_e0q.ujIi00g6lUdXMYmETxjVrq7Fy.L5YN8EohXCTjdqA8FqUZe2Em0ycBwS1pYT9mzBZugisg-
Received: from [222.122.12.32] by web113713.mail.gq1.yahoo.com via HTTP; Mon, 28 Dec 2009 22:28:01 PST
X-Mailer: YahooMailRC/240.3 YahooMailWebService/0.8.100.260964
Date: Mon, 28 Dec 2009 22:28:01 -0800 (PST)
From: Delaney Kay
Subject: Subject: best wishes
To: delaney955@yahoo.com
ISP: Korea Telecom
Organization: Korea Telecom
Geo-Location Information
Country: Korea, Republic of
State/Region: 13
City: Bucheon
Virustotal
http://www.virustotal.com/analisis/dbf74b121f875eb136f12216387ccde1f19344aa98c2b266985677e5764a75ac-1262627472
File best_wishes.pdf received on 2010.01.04 17:51:12 (UTC)
Result: 3/41 (7.32%)
BitDefender 7.2 2010.01.04 Exploit.PDF-JS.Gen
F-Secure 9.0.15370.0 2010.01.04 Exploit.PDF-JS.Gen
GData 19 2010.01.04 Exploit.PDF-JS.Gen
Additional information
File size: 9170 bytes
MD5 : 4661f1f3553899edd953e448bcab3078
Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=4661f1f3553899edd953e448bcab3078&type=js
File best wishes.pdf
MD5 4661f1f3553899edd953e448bcab3078
Analysis Started 2010-01-04 10:11:08
Report Generated 2010-01-04 10:11:23
Jsand 1.03.02 malicious
doc.media.newPlayer Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2 CVE-2009-4324
Additional (potential) malware:
http://www.jiandaonet.com/j001/zk.exe
Virustotal analysis of zk.exe - a1a1764e73a294b717e2a4a0d2a57fc0
http://www.virustotal.com/analisis/27b5ba67b0776bf3d4ecd023d2ee6a16fe2f4bef579e100f28424cc6a77356d4-1262666275
File zk.exe received on 2010.01.05 04:37:55 (UTC)
Result: 0/41 (0%)
File size: 151040 bytes
MD5...: a1a1764e73a294b717e2a4a0d2a57fc0
trid..: Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
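The headers above are worth more than the lure text: because the message was submitted "via HTTP", the bracketed address in the Received line is the webmail client's IP (which is what the Korea Telecom geolocation above resolves), the mail is addressed to its own sender (recipients hidden in Bcc), and the subject carries a duplicated "Subject:" prefix. The following Python script is an added example, not part of the original post, that pulls those indicators out of a header block and matches an attachment hash against the two MD5s listed on this page. The raw header text is reconstructed from the page; the sender's address in the From line is assumed from the Outlook rendering at the top of the post.

```python
import re
from email import message_from_string
from email import utils as email_utils

# Constructed sample: the header block shown on this page, reassembled as one
# RFC 822 header section.  The address in From: is assumed from the
# "Delaney Kay [mailto:delaney955@yahoo.com]" line of the Outlook rendering.
RAW_HEADERS = """Message-ID: <17923.50107.qm@web113713.mail.gq1.yahoo.com>
Received: from [222.122.12.32] by web113713.mail.gq1.yahoo.com via HTTP; Mon, 28 Dec 2009 22:28:01 PST
X-Mailer: YahooMailRC/240.3 YahooMailWebService/0.8.100.260964
Date: Mon, 28 Dec 2009 22:28:01 -0800 (PST)
From: Delaney Kay <delaney955@yahoo.com>
Subject: Subject: best wishes
To: delaney955@yahoo.com

"""

# MD5s taken from this page: the PDF lure and the executable it retrieves.
KNOWN_BAD_MD5 = {
    "4661f1f3553899edd953e448bcab3078": "best wishes.pdf (CVE-2009-4324 lure)",
    "a1a1764e73a294b717e2a4a0d2a57fc0": "zk.exe (second stage, 0/41 on VirusTotal)",
}

# Matches the bracketed IPv4 literal in "Received: from [a.b.c.d] by ..."
RECEIVED_FROM_RE = re.compile(r"from\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(msg):
    """Bracketed IPs from every Received header, in header order.

    Headers are prepended by each hop, so the last entry in this list is the
    hop closest to the sender."""
    ips = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_FROM_RE.search(hdr)
        if m:
            ips.append(m.group(1))
    return ips


def triage(raw_headers, attachment_md5=None):
    """Return the origin IP, parsed addresses and a list of textual findings."""
    msg = message_from_string(raw_headers)
    ips = received_ips(msg)
    from_addr = email_utils.parseaddr(msg.get("From", ""))[1].lower()
    to_addr = email_utils.parseaddr(msg.get("To", ""))[1].lower()
    subject = msg.get("Subject", "")
    received_text = " ".join(msg.get_all("Received", []))
    findings = []

    if from_addr and from_addr == to_addr:
        findings.append("self-addressed message (real recipients likely in Bcc)")
    if subject.lower().startswith("subject:"):
        findings.append("duplicated 'Subject:' prefix in subject line")
    if "via HTTP" in received_text and ips:
        findings.append("webmail submission: %s is the sender's client IP, not a relay" % ips[-1])
    if attachment_md5 and attachment_md5.lower() in KNOWN_BAD_MD5:
        findings.append("attachment matches known sample: " + KNOWN_BAD_MD5[attachment_md5.lower()])

    return {
        "origin_ip": ips[-1] if ips else None,
        "from": from_addr,
        "to": to_addr,
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage(RAW_HEADERS, "4661f1f3553899edd953e448bcab3078")
    print("origin IP:", result["origin_ip"])
    for finding in result["findings"]:
        print(" -", finding)
```

Run against the sample headers, the script reports 222.122.12.32 as the origin and lists all four findings; on a benign header block with a relayed Received line and distinct From/To it reports none, so the output is usable as a simple mail-gateway or SOC triage filter rather than a one-off lookup.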