Malware Hash Query

This utility queries our own database (vicheck.ca), VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: WEO.pdf
File size: 121898 bytes
File type: PDF document, version 1.7
MD5: 81f31e17d97342c8f3700fdd56019972
SHA1: 6d364c0b886aff7ebdaa679a1120f70e744c91e7
SHA256: 380c784d6d561cac16942d6b9933d9f7277eae05cee16cc9e30fdc73915d8447
SSDEEP: 1536:8+9XjjW7rRLj0d1svSTQeVnyg37VvUkxZRMhbGlpFZQFZ+zR8G1y7749d:/jCrRLozGsVnB79q6rEIzR8Go7i
Reported: 2010-06-16 09:03:55
Detection engine: 195
Result: Embedded Flash Exploit CVE-2010-1297 variant c
Confidence: 100
Scan hits: 13

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: block
Matching: full
Key Length: 1 bytes
Key Unique Sum: 128
Key Location: @0 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: f033ab37c30201f73f142449d037028d
XOR Key:
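The "Embedded Executable" block above is the output of a single-byte XOR key search: the scanner looks for strings that every Windows PE carries even when the whole file has been XOR-encrypted ("This program cannot be run in DOS mode", "ExitProcess"), tries each possible key, and reports the recovered key together with its match accuracy and the number of fuzzy errors tolerated. The Python below is an added example of that technique, not vicheck.ca's code. The DOS-stub message offset of 0x4E, the four-byte anchor used to speed up the search, and the sample blob are assumptions constructed here.

```python
"""Single-byte XOR key recovery for an executable embedded in a document.
Added example, not vicheck.ca's scanner; the sample blob is constructed."""

# Plaintext strings a PE carries even when the whole file is XOR-encrypted.
MARKER_DOS = b"This program cannot be run in DOS mode"
MARKER_EXIT = b"ExitProcess"
# Offset of the DOS-stub message from the MZ header in a common linker stub
# (0x40-byte header + 14 bytes of stub code).  Assumption; real stubs vary.
DOS_STUB_MSG_OFFSET = 0x4E


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def scan_xor_marker(blob: bytes, marker: bytes, max_errors: int = 0, anchor_len: int = 4):
    """Try all 256 single-byte keys.  For speed, search for the key-encrypted
    first `anchor_len` bytes of the marker, then compare the full marker and
    count mismatches (the report's 'Fuzzy Errors').  Key 0 means plaintext."""
    hits = []
    for key in range(256):
        enc = xor_bytes(marker, key)
        anchor = enc[:anchor_len]
        pos = blob.find(anchor)
        while pos != -1:
            window = blob[pos:pos + len(marker)]
            if len(window) == len(marker):
                errors = sum(a != b for a, b in zip(window, enc))
                if errors <= max_errors:
                    hits.append({"key": key, "offset": pos, "errors": errors,
                                 "accuracy": 100.0 * (len(marker) - errors) / len(marker)})
            pos = blob.find(anchor, pos + 1)
    return hits


def locate_embedded_pe(blob: bytes, max_errors: int = 0):
    """Find the DOS-stub message, derive the key, and confirm an 'MZ' header
    sits where the stub layout predicts; otherwise treat the hit as noise."""
    for hit in scan_xor_marker(blob, MARKER_DOS, max_errors):
        key, msg_off = hit["key"], hit["offset"]
        mz_off = msg_off - DOS_STUB_MSG_OFFSET
        if mz_off < 0 or xor_bytes(blob[mz_off:mz_off + 2], key) != b"MZ":
            continue
        # Second marker must decrypt under the same key to count as corroboration.
        exits = [h["offset"] for h in scan_xor_marker(blob, MARKER_EXIT) if h["key"] == key]
        return {"xor_encrypted": key != 0, "key": key, "key_length": 1,
                "pe_offset": mz_off, "dos_marker_offset": msg_off,
                "exitprocess_offsets": exits, "accuracy": hit["accuracy"],
                "fuzzy_errors": hit["errors"]}
    return None


def build_sample(key: int = 0x4B, prefix_len: int = 1024) -> bytes:
    """Constructed input: a PDF-looking prefix, then a minimal XOR-encrypted
    MZ stub, then a trailer.  Not a real PE and not the file from the report."""
    stub_code = b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
    pe = (b"MZ" + b"\x00" * 62 + stub_code + MARKER_DOS + b".\r\n$"
          + b"\x00" * 200 + MARKER_EXIT + b"\x00" * 65)
    prefix = b"%PDF-1.7\n" + b"\x00" * (prefix_len - 9)
    return prefix + xor_bytes(pe, key) + b"\n%%EOF\n"


if __name__ == "__main__":
    print(locate_embedded_pe(build_sample()))
```

Searching for the encrypted marker rather than decrypting the whole blob under each key keeps the scan linear in the file size; the MZ check at the predicted offset is what turns a string hit into an "Embedded Executable" claim, and a blob with a corrupted marker byte is only found when `max_errors` allows it, which is what the report's "Fuzzy Errors" field records.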


Detected entities:

Embedded Flash Exploit CVE-2010-1297 variant c

PDF Javascript heap spray shellcode [ FlateDecode | FlateDecode ]
PDF Javascript heap spray shellcode [ FlateDecode ]
Embedded Flash may be suspicious
Embedded Flash may be suspicious
Embedded Flash may be suspicious
Javascript obfuscation using String.replace [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Embedded Executable cipher 001 This program cannot be run in DOS mode: [64473]
Embedded Executable cipher 001 ExitProcess: [68957]
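The JavaScript entities above are reported per PDF stream, with the stream's filter chain in brackets: "[ FlateDecode | FlateDecode ]" means the data had to be inflated twice before the script was visible. The Python below is an added example, not the vicheck.ca scanner, of walking a PDF's stream objects, applying the FlateDecode chain in the order the dictionary lists it, and flagging the same heuristics (unescape, String.replace, a long %u-escaped payload grown in a loop for a heap spray). The stream parser, the regular expressions and the constructed sample PDF are assumptions made here; the parser is deliberately simplified (no nested dictionaries, no cross-reference table).

```python
"""Walk a PDF's FlateDecode streams and flag JavaScript heuristics.
Added example, not vicheck.ca's scanner; the sample PDF is constructed."""
import re
import zlib

# Optional "n g obj" prefix, a flat dictionary, then the stream keyword.
STREAM_HEAD = re.compile(rb"(?:(\d+)\s+\d+\s+obj\s*)?(<<.*?>>)\s*stream\r?\n", re.S)


def iter_streams(pdf: bytes):
    """Yield (object number, dictionary bytes, raw stream bytes)."""
    pos = 0
    while True:
        m = STREAM_HEAD.search(pdf, pos)
        if not m:
            return
        obj = int(m.group(1)) if m.group(1) else None
        d, start = m.group(2), m.end()
        # Prefer a direct /Length (indirect "n 0 R" lengths are skipped); the
        # endstream keyword is only a fallback because binary data may end in CR/LF.
        end = None
        ln = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", d)
        if ln:
            cand = start + int(ln.group(1))
            if re.match(rb"\s*endstream", pdf[cand:cand + 16]):
                end = cand
        if end is None:
            end = pdf.find(b"endstream", start)
            if end == -1:
                return
            if pdf[end - 1:end] == b"\n":
                end -= 1
            if pdf[end - 1:end] == b"\r":
                end -= 1
        yield obj, d, pdf[start:end]
        pos = end


def stream_filters(d: bytes):
    m = re.search(rb"/Filter\s*(\[[^\]]*\]|/\w+)", d)
    return [f.decode() for f in re.findall(rb"/(\w+)", m.group(1))] if m else []


def decode_stream(raw: bytes, filters):
    data = raw
    for f in filters:  # filters are applied in the listed order when decoding
        if f != "FlateDecode":
            raise ValueError("unsupported filter " + f)
        data = zlib.decompress(data)
    return data


HEAP_SPRAY_BLOB = re.compile(rb"(?:%u[0-9a-fA-F]{4}){8,}")        # long %u-escaped payload
HEAP_SPRAY_LOOP = re.compile(rb"while\s*\(.*?\.length\s*<", re.S)   # block grown until huge


def scan_js(decoded: bytes):
    """Heuristics named in the report; the exact patterns are assumptions."""
    findings = []
    if HEAP_SPRAY_BLOB.search(decoded) and HEAP_SPRAY_LOOP.search(decoded):
        findings.append("PDF Javascript heap spray shellcode")
    if re.search(rb"\.replace\s*\(", decoded):
        findings.append("Javascript obfuscation using String.replace")
    if re.search(rb"unescape\s*\(", decoded):
        findings.append("Javascript obfuscation using unescape")
    return findings


def format_entity(name: str, filters) -> str:
    return "%s [ %s ]" % (name, " | ".join(filters)) if filters else name


def scan_pdf(pdf: bytes):
    report = []
    for obj, d, raw in iter_streams(pdf):
        filters = stream_filters(d)
        try:
            decoded, error = decode_stream(raw, filters), None
        except (ValueError, zlib.error) as exc:
            decoded, error = b"", str(exc)
        report.append({"obj": obj, "filters": filters, "decoded_size": len(decoded),
                       "findings": scan_js(decoded), "error": error})
    return report


def build_sample_pdf() -> bytes:
    """Constructed PDF: a benign page stream, then the same obfuscated script
    deflated once and deflated twice.  Not the file from the report."""
    js = (b'var s = unescape("%u0c0c%u0c0c%u9090%u9090%u4141%u4141%u4242%u4242");'
          b'var b = unescape("%u0c0c%u0c0c"); while (b.length < 0x100000) b += b;'
          b'var p = "ev~al".replace("~", ""); var a = new Array();'
          b'for (var i = 0; i < 200; i++) a[i] = b + s;')
    benign, single, double = zlib.compress(b"BT /F1 12 Tf (Hello) Tj ET"), zlib.compress(js), zlib.compress(zlib.compress(js))
    pdf = b"%PDF-1.7\n"
    pdf += b"1 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(benign) + benign + b"\nendstream\nendobj\n"
    pdf += b"2 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(single) + single + b"\nendstream\nendobj\n"
    pdf += b"3 0 obj\n<< /Length %d /Filter [/FlateDecode /FlateDecode] >>\nstream\n" % len(double) + double + b"\nendstream\nendobj\n"
    return pdf + b"trailer\n<< /Root 4 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for r in scan_pdf(build_sample_pdf()):
        for f in r["findings"]:
            print(format_entity(f, r["filters"]))
```

Using /Length before falling back to the endstream keyword matters on real samples: malformed or deliberately wrong lengths are common in malicious PDFs, and a stream whose compressed data happens to end in a newline byte is truncated by a delimiter-only parser, so the zlib error is recorded per stream instead of aborting the whole scan.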

Repository        Status                                          More Info
vicheck.ca        Embedded Flash Exploit CVE-2010-1297 variant c  Confidence: 100, Scan hits: 13
VirusTotal.com    New/Nothing Found                               none
ThreatExpert.com  New/Nothing Found                               none
Team-CYMRU.org    New/Nothing Found                               none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: block - Embedded Flash Exploit CVE-2010-1297 variant c found @0.

Extracted 3386 bytes of Javascript code or XFA block.

JavaScript available on request.

Sandbox report:

Remember to check the statically extracted executables at the bottom of this report: the dynamic sandbox analysis may not have successfully run the exploit, and the statically extracted files will contain more information.

Dropped File    Size

none


Registry Item Created

none


Mutex Created

none


Domains or IPs

none


Outgoing Connections    Port    Method

none


Method    Downloaded URL

none


PCAP Tcpdump:

PCAP Raw DNS Queries

none


