Thursday, January 7, 2010

Jan 7 CVE-2009-4324 Us-J-India_strategic_dialogue from Thu, 7 Jan 2010 10:07:18 -0800 (PST)

One of the readers (thanks, Richard) reported that it is heavily obfuscated and exploits the CVE-2009-4324 (util.printd()) vulnerability - possibly among other things.

 I don't know yet which CVE it is, but I will look into it later. 

Download 12AAB3743C6726452EB0A91D8190A473   - Us-J-India_strategic_dialogue.pdf (password protected archive, you have to contact me for the password)
From: Katie Douglas []
Sent: Thursday, January 07, 2010 1:07 PM
Subject: Us-J-India_strategic_dialogue


In the new year there's a new strategy change. Please kindly find the attachment for your reference.

Best Regards,


The message sender was
The message originating IP was
The message recipients were
The message was titled Us-J-India_strategic_dialogue
The message date was Thu, 7 Jan 2010 10:07:18 -0800 (PST)
The message identifier was <>
The virus or unauthorised code identified in the email is:
attach/5963816_3X_PM5_EMS_MA-OCTET=2DSTREAM__Us=2DJ=2DIndia=5Fstrategic=5Fdialogue.pdf: Infected: Exploit.JS.Pdfka.axx [AVP]

 File Us-J-India_strategic_dialogue.pdf received on 2010.01.11 11:47:41 (UTC)
Result: 2/40 (5%)
Kaspersky    2010.01.11    Exploit.JS.Pdfka.axx
Sophos    4.49.0    2010.01.11    Mal/PDFEx-D
Additional information
File size: 70437 bytes
MD5...: 12aab3743c6726452eb0a91d8190a473

File    Us-J-India_strategic_dialogue.pdf
MD5    12aab3743c6726452eb0a91d8190a473
Analysis Started    2010-01-11 04:08:14
Report Generated    2010-01-11 04:11:58
Jsand 1.03.02    benign :(

VMware - When the file is opened, it just crashes. No text to enjoy. I see no traffic on Wireshark, not yet.

to be continued..
