Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: Global.pdf
File size: 492149 bytes
File type: PDF document, version 1.5
MD5: 6932d141916cd95e3acaa3952c7596e4
SHA1: 33a333d6f2e5452d09efd86aed2271f756ac35a7
SHA256: ab8a06d95935b07ad241c17d2c0bd2855e0ee77b24611805cd95fd4871052311
SSDEEP: 12288:/jaRLgbA9Q9QhmGU54z88vB8cYp24p6d8WmQwVgvL7hnQG5fSjaRLgW:/joL4vwmv5It58cu56dKQwVE7qG1SjoH
Reported: 2010-07-04 04:03:08
Detection engine: 195
Result: Embedded Flash Exploit CVE-2010-1297 variant f
Confidence: 100
Scan hits: 9

Detected entities:

Embedded Flash Exploit CVE-2010-1297 variant f

PDF Exploit call to media.newPlayer CVE-2009-4324 [ FlateDecode ]
PDF Exploit suspicious use of util.printd CVE-2008-2992 [ FlateDecode ]
PDF Javascript heap spray shellcode [ FlateDecode | FlateDecode ]
Embedded Flash may be suspicious
Javascript obfuscation using app.setTimeOut to run code [ FlateDecode ]
Javascript obfuscation using eval [ FlateDecode | FlateDecode ]
Javascript obfuscation using String.replace [ FlateDecode ]
PDF obfuscation of filter names

Repository | Status | More Info

vicheck.ca

Embedded Flash Exploit CVE-2010-1297 variant f
Confidence: 100
Scan hits: 9

Search type: block
Matching: full
Type: Embedded Flash Exploit CVE-2010-1297 variant f

VirusTotal.com

New/Nothing Found

none

ThreatExpert.com

New/Nothing Found

none

Team-CYMRU.org

New/Nothing Found

none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: block - Embedded Flash Exploit CVE-2010-1297 variant f found @0.

Extracted 12114 bytes of Javascript code or XFA block.

JavaScript available on request.

Sandbox report:

Remember to check statically extracted executables at the bottom of this report as the dynamic sandbox analysis may not have successfully run the exploit and the statically extracted files will have more information.

Dropped File | Size

none


Registry Item Created

none


Mutex Created

none


Domains or IPs

none


Outgoing Connections | Port | Method

none


Method | Downloaded URL

none


PCAP Tcpdump:

PCAP Raw DNS Queries

none


