Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: 721601bdbec57cb103a9717eeef0bfca
File size: 268333 bytes
File type: PDF document, version 1.7
MD5: 721601bdbec57cb103a9717eeef0bfca
SHA1: 11d2f8d754f3e52893c631f0201b72c909d52cd8
SHA256: bd2776e507cf0284a9cfb7deb9a241d6699243a221c125f9911fa753ca8f01d1
SSDEEP: 6144:O5/xwzovMsL7oJNQDpNdjTswrLSLmHGdB4qfofvcjaRL41:G/xwEJHON2Ts+LFsB4hvcjaRL8
Reported: 2010-06-07 15:27:42
Detection engine: 195
Result: Embedded Flash Exploit CVE-2010-1297 pad.swf variant a
Confidence: 100
Scan hits: 17

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: block
Matching: full
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @36352 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: c9b69399459095f1b991eb1997a4d066
XOR Key:


Detected entities:

Embedded Flash Exploit CVE-2010-1297 pad.swf variant a
PDF JavaScript heap spray shellcode [ FlateDecode ]
Embedded Flash may be suspicious
Embedded Flash may be suspicious
Embedded Flash may be suspicious
Embedded Executable: This program cannot be run in DOS mode [6458]
Embedded Executable: CloseHandle [10574]
Embedded Executable: CreateFileA [10616]
Embedded Executable: GetEnvironmentVariableA [10720]
Embedded Executable: GetProcAddress [10792]
Embedded Executable: LoadLibraryA [10810]
Embedded Executable: KERNEL32 [10900]
Embedded Executable: URLDownloadToFileA [11362]
Embedded Executable: GetModuleHandleA [11430]
Embedded Executable: Advapi32.dll [11756]
Embedded Executable: CreateProcessA [30704]
Embedded Executable: RegOpenKeyExA [31042]

Repository          Status                                                   More Info
vicheck.ca          Embedded Flash Exploit CVE-2010-1297 pad.swf variant a   Confidence: 100; Scan hits: 17
VirusTotal.com      New/Nothing Found                                        none
ThreatExpert.com    New/Nothing Found                                        none
Team-CYMRU.org      New/Nothing Found                                        none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: block - Embedded Flash Exploit CVE-2010-1297 pad.swf variant a found @0.

Extracted 2617 bytes of Javascript code or XFA block.

JavaScript available on request.

Sandbox report:

Remember to check the statically extracted executables at the bottom of this report: the dynamic sandbox analysis may not have successfully run the exploit, and the statically extracted files will contain more information.

Dropped File          Size

none


Registry Item Created

none


Mutex Created

none


Domains or IPs

none


Outgoing Connections    Port    Method

none


Method    Downloaded URL

none


PCAP Tcpdump:

PCAP Raw DNS Queries

none


