Jan 15 Zany.pdf -fc5196ff7d14bda18cd9f89d81f913db

• CVE-2009-4324 Use-after-free vulnerability in the Doc.media.newPlayer method in Adobe Reader and Acrobat 8.0 through 9.2, and possibly earlier versions, allows remote attackers to execute arbitrary code using ZLib compressed streams, as exploited in the wild in December 2009. 

This file from an URL was submitted by TarunKumar Singh - thank you, TarunKumar

Download  zany.pdf as FC5196FF7D14BDA18CD9F89D81F913DB-zany.zip (Password protected. Please contact me for the password)

Details: fc5196ff7d14bda18cd9f89d81f913db - zany.pdf


Virustotal
http://www.virustotal.com/analisis/b5b6866775f437d9730e3baf4e6d23d512278a613299b17270cfd7cdc999a68b-1263640687
File zany.pdf99 received on 2010.01.16 11:18:07 (UTC)
F-Secure     9.0.15370.0     2010.01.16     Exploit:W32/Pidief.CKT
Kaspersky     7.0.0.125     2010.01.16     Exploit.Win32.Pidief.cyn
PCTools     7.0.3.5     2010.01.16     Trojan.Pidief
Sophos             4.49.0     2010.01.16     Mal/PDFEx-D
Sunbelt     3.2.1858.2     2010.01.16     Exploit.PDF-JS.Gen (v)
Symantec     20091.2.0.41     2010.01.16     Trojan.Pidief.H
File size: 3701 bytes
MD5   : fc5196ff7d14bda18cd9f89d81f913db

Wepawet
http://wepawet.cs.ucsb.edu/view.php?hash=fc5196ff7d14bda18cd9f89d81f913db&type=js
File    zany.pdf
MD5    fc5196ff7d14bda18cd9f89d81f913db
Analysis Started    2010-01-15 05:30:19
Jsand 1.03.02    benign

Update January 19, 2010 
Additional information kindly provided by TarunKumar Singh
 CWSanbox analysis for zany.pdf (Network Activity and Registry changes) by this file on infected host

Registry changes

Network Activity