Download cb9da3ce624c66cda70c9ba84b7e0040 biography.pdf as a password protected archive (please contact me if you need it)
From: Jeffery ask [mailto:jeffery464@gmail.com]
Sent: Monday, January 25, 2010 9:55 PM
To: XXXXXXXXXXXXXX
Subject: PLS Confirm your biography.
Dear Sir / Madam:
Congratulations! You have been selected successfully for "Century Celebrity Network the most influential 500 people of 20th century" listed by "Century Celebrity Network". Celebrity World Network is a celebrities and celebrities interactive introduction website, we are committed to creating a world's largest, most complete with celebrity information, forums, news, work, activities and awards ceremony site.
All the world's celebrities and their stories, works, achievements, are the world's wealth, for the world and leave this one than the wealth of future generations is of great significance. Celebrity Categories include: arts entertainment, sports, athletics, political and military, literature, religion, philosophy, business finance, doctors, martial artists, social celebrities, scientists and so on.
We will be so grateful if you could take some time to read your relevant description carefully to ensure the truth and integrity of the 20th century largest and most authoritative database. If there is something wrong, pls feel free to contact me. If you think the text we written is far from the truth and can't satisfy you, we will be appreciative if you could send a biography within 500 words by yourself.
Looking forward to your early reply.
Chou Zhi-wen, editor of Century Celebrity
Virustotal
http://www.virustotal.com/analisis/7f24a035559daacb1a9c17a4739a9764d3e9811ca5f1bf98b12c8eb33075041e-1264477000
File biography.pdf received on 2010.01.26 03:36:40 (UTC)
Result: 15/41 (36.59%)
AhnLab-V3 5.0.0.2 2010.01.25 PDF/Exploit
AntiVir 7.9.1.150 2010.01.25 HTML/Malicious.PDF.Gen
Avast 4.8.1351.0 2010.01.26 JS:Pdfka-VO
AVG 9.0.0.730 2010.01.25 Script/Exploit
BitDefender 7.2 2010.01.26 Trojan.Script.256073
F-Secure 9.0.15370.0 2010.01.25 Trojan.Script.256073
GData 19 2010.01.26 Trojan.Script.256073
Kaspersky 7.0.0.125 2010.01.26 Exploit.JS.Pdfka.bex
McAfee 5872 2010.01.25 Exploit-PDF.b.gen
McAfee+Artemis 5872 2010.01.25 Exploit-PDF.b.gen
McAfee-GW-Edition 6.8.5 2010.01.26 Script.Malicious.PDF.Gen
Microsoft 1.5405 2010.01.26 Exploit:Win32/Pdfjsc.DC
PCTools 7.0.3.5 2010.01.26 HeurEngine.MaliciousExploit
Symantec 20091.2.0.41 2010.01.26 Bloodhound.Exploit.288
Additional information
File size: 435947 bytes
MD5 : cb9da3ce624c66cda70c9ba84b7e0040
SHA1 : 98b177cc4c76232bd3a45cd2b57c52a0916cfbc9
Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=cb9da3ce624c66cda70c9ba84b7e0040&type=js
File biography.pdf
MD5 cb9da3ce624c66cda70c9ba84b7e0040
Analysis Started 2010-01-25 19:36:44
Report Generated 2010-01-25 19:37:45
Jsand 1.03.02 benign
ViCheck
https://www.vicheck.ca/md5query.php?hash=cb9da3ce624c66cda70c9ba84b7e0040
EXECUTABLE SCAN: Embedded Executable (xor/full)
REPORT: https://www.vicheck.ca/md5query.php?hash=cb9da3ce624c66cda70c9ba84b7e0040
Encrypted embedded executable with a key of 512 bytes.
Exploit method detected as pdfexploit - PDF Exploit call to media.newPlayer CVE-2009-4324.
Confidence ranking: 100 (22 hits).
Libraries detected and exploit calls:
Embedded Executable This program must be run under Win32 [This program must be run under Win32]
Embedded Executable LoadLibraryA [LoadLibraryA]
Embedded Executable GetModuleHandleA [GetModuleHandleA]
Embedded Executable GetCommandLineA [GetCommandLineA]
Embedded Executable GetProcAddress [GetProcAddress]
Embedded Executable CreateProcessA [CreateProcessA]
Embedded Executable EnterCriticalSection [EnterCriticalSection]
Embedded Executable CloseHandle [CloseHandle]
Embedded Executable CreateFileA [CreateFileA]
Embedded Executable Advapi32.dll [Advapi32.dll]
Embedded Executable RegOpenKeyExA [RegOpenKeyExA]
Embedded Executable user32.dll [user32.dll]
Execute Shell Command [shell32.dll]
Embedded Executable KERNEL32 [KERNEL32]
Embedded Executable ExitProcess [ExitProcess]
Embedded Executable GetMessageA [GetMessageA]
Javascript obfuscation using unescape [unescape]
PDF Exploit suspicious use of util.printd CVE-2008-2992 [util.printd]
PDF Exploit call to media.newPlayer CVE-2009-4324 [media(.{1,24}?)newPlayer]