Adobe will fix this vulnerability on June 29
Download e3f5ef4fa17b4e08388ae4b0e2373728 100621.pdf as a password protected archive (contact me if you need the password)
-----Original Message-----
From: 大川 正人 [mailto:maseto.okawa@cas.go.jp]
Sent: Monday, June 21, 2010 12:29 AM
To: xxxxxxx
Subject: 最近の日米経済関係について
Importance: High
......
(Main) 03-5453-2111 (Ext.) 82657
(Direct) 03-3581-4445
(FAX) 03-3581-5601
masato.okawa@cas.go.jp
=====================================
----- Original Message -----
From: Ookawa Masato [mailto:maseto.okawa@cas.go.jp]
Sent: Monday, June 21, 2010 12:29 AM
To: xxxxxxx
Subject: About the recent US-Japan Economic Relations
Importance: High
Headers
Received: from unknown (HELO cas.go.jp) (60.26.142.253)
Received: from SSSSSS-2F0F04F3[192.168.1.211] by cas.go.jp with SMTP id 4C7BCC96; Mon, 21 Jun 2010 12:28:56 +0800
From: =?ISO-2022-JP?B?GyRCQmdAbiEhQDU/TRsoQg==?=
Subject: =?ISO-2022-JP?B?GyRCOkc2YSRORnxKRjdQOlE0WDc4JEskRCQkJEYbKEI=?=
To: xxxxxxxxxxxxxxxxx
Content-Type: multipart/mixed;
boundary="=_NextPart_2rfkindysadvnqw3nerasdf"; charset="iso-2022-jp"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Reply-To: maseto.okawa@cas.go.jp
Date: Mon, 21 Jun 2010 12:29:29 +0800
X-Priority: 2
X-Mailer: Foxmail 4.1 [cn]
60.26.142.253
ISP: China Unicom Tianjin province network
Organization: China Unicom Tianjin province network
Type: Broadband
Assignment: Static IP
Country: China
State/Region: Tianjin
File 100621.pdf received on 2010.06.22 00:33:39 (UTC)
http://www.virustotal.com/analisis/5e77d181d45156a17423a7a9d8be59635c3425003a35957f3ccf973bf4a1240b-1277166819
Result: 9/41 (21.95%)
a-squared 5.0.0.30 2010.06.21 Exploit.JS.Pdfka!IK
AntiVir 8.2.2.6 2010.06.21 HTML/Malicious.PDF.Gen
BitDefender 7.2 2010.06.22 Exploit.PDF-JS.Gen
GData 21 2010.06.22 Exploit.PDF-JS.Gen
Ikarus T3.1.1.84.0 2010.06.21 Exploit.JS.Pdfka
Kaspersky 7.0.0.125 2010.06.21 Exploit.JS.Pdfka.clv
McAfee-GW-Edition 2010.1 2010.06.21 Heuristic.BehavesLike.PDF.Suspicious.O
Sophos 4.54.0 2010.06.21 Troj/PDFJs-KY
VirusBuster 5.0.27.0 2010.06.21 JS.Pdfka.Gen.11
Additional information
File size: 969411 bytes
MD5 : e3f5ef4fa17b4e08388ae4b0e2373728
Many thanks to JM for sharing the following information
Dropped files
100621.PDF (95210e66bc040ee0f6b5601390658007 – benign decoy, notice the size difference: 105 kb)
SUCHOST.EXE (abf8e40d7c99e9b3f515ec0872fe099e – 45k) - appears to be Poison Ivy RAT
VT Result: 19/41 (46.34%)
SUCHOST.EXE
http://www.virustotal.com/analisis/8264a96a954c9a3f661bd21b9493377a710aaac1e96fe276d8d9095ea286c84a-1277147963
AhnLab-V3 2010.06.21.02 2010.06.21 Win-Trojan/Agent.45056.AMQ
Antiy-AVL 2.0.3.7 2010.06.18 Trojan/Win32.Agent.gen
Authentium 5.2.0.5 2010.06.21 W32/Trojan2.MIBZ
Avast 4.8.1351.0 2010.06.21 Win32:Malware-gen
Avast5 5.0.332.0 2010.06.21 Win32:Malware-gen
AVG 9.0.0.787 2010.06.21 Agent2.ALLE
BitDefender 7.2 2010.06.21 Trojan.Inject.XI
CAT-QuickHeal 10.00 2010.06.18 Trojan.Agent.dgqy
DrWeb 5.0.2.03300 2010.06.21 Trojan.Siggen1.43943
F-Prot 4.6.1.107 2010.06.20 W32/Trojan2.MIBZ
F-Secure 9.0.15370.0 2010.06.21 Trojan.Inject.XI
GData 21 2010.06.21 Trojan.Inject.XI
Jiangmin 13.0.900 2010.06.15 Trojan/Agent.cule
McAfee-GW-Edition 2010.1 2010.06.21 Heuristic.LooksLike.Trojan.Backdoor.Poison.I
Microsoft 1.5902 2010.06.21 Backdoor:Win32/Poison.AP
NOD32 5216 2010.06.21 a variant of Win32/Poison.NDQ
nProtect 2010-06-21.01 2010.06.21 Trojan/W32.Agent.45056.TM
Panda 10.0.2.7 2010.06.21 Suspicious file
ViRobot 2010.6.21.3896 2010.06.21 Trojan.Win32.Agent.45056.HO