- Download 台美軍售最新情況.pdf as 401b4f707b8063b0c4b087c41716746b -The latest U.S. arms sales to Taiwan.zip (password protected, please contact me if you need it)
- Download uncompressed (with pdf-parser.py) as 401b4f707b8063b0c4b087c41716746b-The latest U.S. arms sales to Taiwan.txt
Attachment name
台美軍售最新情況.pdf----- Original Message -----
From: shi9927@yahoo.com.tw
To: XXXXXXXXXX
Sent: Thursday, January 28, 2010 10:45 PM
Subject: 台美軍售最新情況
___________________________________________________
您的生活即時通 - 溝通、娛樂、生活、工作一次搞定!
http://messenger.yahoo.com.tw/
Headers
No headers info available for this post, unfortunately
Virustotal
http://www.virustotal.com/analisis/36e94022b007648137404500a2c3be69db93ebf64dfbb4986f48316d231b3ed0-1264781712
File ________________________.pdf received on 2010.01.29 16:15:12 (UTC)
Microsoft 1.5406 2010.01.29 Exploit:Win32/Pdfjsc.CW
nProtect 2009.1.8.0 2010.01.29 Exploit.PDF-JS.Gen.C02
Sunbelt 3.2.1858.2 2010.01.29 Exploit.PDF-JS.Gen (v)
Additional information
File size: 62182 bytes
MD5...: 401b4f707b8063b0c4b087c41716746b
Wepawet
http://wepawet.iseclab.org/view.php?hash=401b4f707b8063b0c4b087c41716746b&type=js
Analysis report for �美�售最新情�.pdf
File �美�售最新情�.pdf
MD5 401b4f707b8063b0c4b087c41716746b
Analysis Started 2010-01-29 08:15:37
Report Generated 2010-01-29 08:15:38
Jsand 1.03.02 benign
ViCheck.ca
https://www.vicheck.ca/md5query.php?hash=401b4f707b8063b0c4b087c41716746b
Encrypted embedded executable with a key of 1024 bytes.
Exploit method detected as pdfexploit - PDF Exploit call to media.newPlayer CVE-2009-4324.
Here is a part of the java script (uncompressed with pdf-parser.py)
No comments:
Post a Comment