Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.


File: CVE-2007-5659 PDF 9BC1735453963E33EA1857CC25AA5A19 SurveyOnObamapdf.pdf=
File size: 73896 bytes
File type: PDF document, version 1.5
MD5: 9bc1735453963e33ea1857cc25aa5a19
SHA1: 70a219d52e3401e58869045b61a8d5730b4117f4
SHA256: a6bde95330c830646945f2564c5bec27802bcbb117316bdda2520a11a4dbead9
SSDEEP: 1536:TVCs+2968zx0ETJsZY3sWq55odn4/YuQmcnVCs+29H:TU2AM0ETJsZYY5u4gJmcnU2l
Reported: 2010-08-25 13:58:17
Detection engine: 198
Result: PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659
Confidence: 100
Scan hits: 13

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: Yes
Replacement cipher: No
Mathematical substitution cipher: No

Search type: pdfexploit
Matching: full
ROL shift: 3
Key Length: 256 bytes
Key Unique Sum: 32640
Key Location: @15360 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: cf3c32092813f01c4f22ea078e92f9bb
XOR Key:


Detected entities:

PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659 [ FlateDecode ]

PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659 [ FlateDecode ]
Shellcode detected within PDF Javascript [ ]
Javascript obfuscation using app.setTimeOut to run code [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Javascript obfuscation using unescape [ FlateDecode ]
Embedded Executable cipher 001 This program cannot be run in DOS mode: [14649]
Embedded Executable cipher 001 ExitProcess: [32235]
Embedded Executable cipher 001 GetProcAddress: [32665]
Embedded Executable cipher 001 LoadLibraryA: [32683]

Repository | Status | More Info
vicheck.ca | PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659 | Confidence: 100, Scan hits: 13
VirusTotal.com | New/Nothing Found | none
ThreatExpert.com | New/Nothing Found | none
Team-CYMRU.org | New/Nothing Found | none



Exploit Scan:

Exploit: pdfexploit - PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659 found @3211.

Extracted 3308 bytes of Javascript code or XFA block.

JavaScript available on request.

Sandbox report:

Processing... This can take from 20 minutes to several hours, depending on the load.

Related Files

File | File type | Report

File:
Archive1.zip
MD5:
2ca41074c87b34df95565b830e966ca3
SHA1:
2de2050338c799931d392aa669cc0a2821d66bc6
SHA256:
16d504b0648734cca8a0efc828f497101447b680d28641e06a93a5e55c91dbe3
SSDeep:
98304:Jc7BxDELK8AY0WBdMwHLd21usffMCcIKTK3QVfrfAAzfGs:JcvEK9UHhwus3/ll3QVgs

Zip archive data, at least v2.0 to extract

Virus Report
file format archive

File:
CVE-2009-0927 PDF 2009-10-08 67B19A04BDBD0ADC3B39130A26331493 China Artillery Corps Missile.pdf=
MD5:
67b19a04bdbd0adc3b39130a26331493
SHA1:
90673c1f7025427732a5d5c890fc6b1723823adc
SHA256:
98bb77a9afbddde5acad758cc4b0df662925caded3cea5a712d4d21ee1fed2bb
SSDeep:
3072:N73K5U4AVF45Rnxjv2eWM27IqqhAWufWJdqhxdTz0VKJj1gtEKtxKOMcLx1V9:N2AVQBx72eWMvq7WuPT4VKJjNKtxAc3V

PDF document, version 1.6

Virus Report
Javascript obfuscation using String.replace
pdfexploit - Javascript obfuscation using String.replace

File:
CVE-2006-2492 DOC 2010-02-20 D05E0400B62687B5796C5D1B5CCDF6EE-201002MainlandAffairs.doc=
MD5:
d05e0400b62687b5796c5d1b5ccdf6ee
SHA1:
7d43c6057710f6c5cf338adcfe4032d30c4088ab
SHA256:
dbc0a1bfbddceba2afd48e6f30bf2fe0f70707dae1a4f8ae6a0bcdcc27ded36b
SSDeep:
768:j557MChUnxkedN1fMTJcwONoZBW1AmmdITE1vmuEv9e:j557fUxkYNcNBWPmjuu29e

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2008-4841 DOC 2010-04-23 03546E59967AF0C2DBF609013934CD07 message-cv.doc=
MD5:
03546e59967af0c2dbf609013934cd07
SHA1:
ddebf17b3d925aa291c2b2a5ea4c83856d7e01f2
SHA256:
7a6b78a4662ceca77e76cd7f2bc08f69a588fc7547db60eb77eb4c328a04c0a8
SSDeep:
3072:MwXwwwu5wdfKqy8DWrRW6XI4eF7G+QpBpWuQ0oDQXWst4ok5IgD3lrPu2uDoyazV:+OA6+ELfQ02QGHluoG7kr

Microsoft Office Document

Virus Report
Embedded Executable Transposition cipher This program cannot be run in DOS mode
shellcode

File:
CVE-2009-0658 PDF 2009-11-26 5B4F2DF5C95EA65736ADBD60ED4F96BE.pdf=
MD5:
5b4f2df5c95ea65736adbd60ed4f96be
SHA1:
42d346cb61b82c47507280200d9f7ca64af79a3a
SHA256:
935aacc944172c155c6884ef8e70ec14a400a6de409aa024bbfa6a396853d656
SSDeep:
6144:wmJ/7kEx7FLxVZ/bKbYfN9Ah/rNul44yfhVXNrgUYwiV1moGXnN79TxNBGmf:F3xxxLpfN6h/kl44CITwiUnbFNtf

PDF document, version 1.4

Virus Report
PDF Exploit suspicious use of U3D CVE-2009-3953 CVE-2009-3959
genexploit - PDF Exploit suspicious use of U3D CVE-2009-3953 CVE-2009-3959

File:
CVE-2009-0927 CVE-2007-5659 PDF 2010-04-02 C497C02464AE74BBC94120D1CBE88D49 IPR in China final.pdf=
MD5:
c497c02464ae74bbc94120d1cbe88d49
SHA1:
794b26a4320e968e7b5a68f600c6a7b2388220ae
SHA256:
816ff03f39d9d210ee3a49a61f208a4b0a8979c3d08fa9b8a17e01a98b5d123c
SSDeep:
1536:ob/dOMWvEHZa7sN8lfIPDR9dqT5ybgwCZ:tGEsNH19j0l

PDF document, version a.a

Virus Report
PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659
pdfexploit - PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659

File:
CVE-2009-0655_PDF_115A25093CB9062CC155508CDF878ACE_DoD_UAS_Class_D.pdf=
MD5:
115a25093cb9062cc155508cdf878ace
SHA1:
ac6c04b9bc670ed05a884fe3526002b97c2457db
SHA256:
1769c9eb8fdb4942176ca2172de118df294ae785c03cca70bd6fee0c74dad2ce
SSDeep:
24576:wEebu5i4k4qQDeME8s6Cg18GxDAa72E23/P0ogVFZ:wENihMLs6CSDVwuVFZ

PDF document, version 1.6

Virus Report
PDF Exploit call to media.newPlayer CVE-2009-4324
pdfexploit - PDF Exploit call to media.newPlayer CVE-2009-4324

File:
CVE-2009-0556_PPT_A362ABE459C574B1984640316219C818_Presentations.ppt=
MD5:
a362abe459c574b1984640316219c818
SHA1:
cae75ae5cb63e13b1d603a4088983278da1696ff
SHA256:
e22805d4f845c42d801e6b2b87782716a01c2db0553e2b4da7eda355ba28cdcf
SSDeep:
6144:wqBRnbIWa3gNiZBTuAKhfH8WpQag+iCBKyf6g7UixvYlz1M44Y6ivtvLRjLClbaJ:wqTRYZBT4fcqngBITLBsVbj6baCxm

Microsoft Office Document

Virus Report
Embedded Executable

File:
CVE DOC 2E0AAFBF78C3459DFA5CB1D1D88E6BC3 Round Table Discussions.doc=
MD5:
2e0aafbf78c3459dfa5cb1d1d88e6bc3
SHA1:
59b15f68f3b72dfea14e50878b31b87bee3019fa
SHA256:
f2bba393701bc31bec7f4f1485c036ac07f96c1e4501ffd93cceb7300f78fe71
SSDeep:
768:QSQsPuIsF+cjZAzPhjJfd98Ji7faB8XsOWeUn7C8RhUA+GTWQR:PPNU4dr8QVfWJ7C8R2A+GT3

Microsoft Office Document

Virus Report
Embedded Executable

File:
CVE-2006-2492 DOC 2010-05-13 D7DF959D1BD657D881F7C4B76F56E339 To Whom It May Concern.doc=
MD5:
d7df959d1bd657d881f7c4b76f56e339
SHA1:
9b225adbb342c9c91ab6dfc4ff6c4315cea1c0c8
SHA256:
ee033d91994b80a586164631583da5726fb93a2a8c81d58bd322a406481a8085
SSDeep:
1536:Jlj26Gq/cFQYYYYrtk8888XXTkZghFAFZop0P9klsc7Vh9Z4Jy:Jlj2N4cFYOGZY0elv7V

Microsoft Office Document

Virus Report
MS WORD Exploit SmartTag overflow CVE-2006-2492
genexploit - MS WORD Exploit SmartTag overflow CVE-2006-2492

File:
CVE-2006-0022 PPT FA1AE228ECE85FEBEB73C75F1F34FE2E -990331.ppt=
MD5:
fa1ae228ece85febeb73c75f1f34fe2e
SHA1:
97b1336617cccd3e92be33148c89d085a7e58aaa
SHA256:
42b8ef8ac574488c2905149a63215d33f01e1c7990e839abdf71da90030905ce
SSDeep:
12288:vgybySaT/mnYkEtDINHEOTpWS/edWad+ia22QrB+:vgxS3EtDIjX/edWaAi

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2008-0081 XLS 2008-05-12 2E0BDD473F0EEB37D79DE24EE4BE11E7-FamilyHealthGuide.xls=
MD5:
2e0bdd473f0eeb37d79de24ee4be11e7
SHA1:
f93398872471da62ce34cc8be4488d1088718855
SHA256:
8c0f2f4e31e860b8ef9357cb3eabb5b73ade9c1b6eb34a0adbac9df33f9e6985
SSDeep:
3072:GaMLS9i0WmMPRAeUDGCKm++slgTcC6TGFCozpOZH7XCEWtARGwXMqNVObJpFVALI:oLSs0We4tezpOdRnBOpFGmW0G2

Microsoft Office Document

Virus Report
Shellcode detected at 4232 818 bytes
shellcode

File:
CVE-2009-0658 PDF 2009-03-24 A920DD4E1FC0898D2C77B7046CE67517 China Related Events.pdf=
MD5:
a920dd4e1fc0898d2c77b7046ce67517
SHA1:
1589d0a926ff513d6bab212a2591ae6bc002c579
SHA256:
159828de08d9a654313236067b43b2e2a8245f7441e29f9b9c7a0b2be7cfcad2
SSDeep:
768:qIUcHPmWAFiOvE+TMWQxBdxEgA2o//KtaypbALzIUcHbH:+MYFQ/dxSJStaymq

PDF document, version 1.5

Virus Report
PDF Exploit call to JBIG2Decode
genexploit - PDF Exploit call to JBIG2Decode

File:
CVE-2006-2492_DOC_ 6060ABE0A697619D68FB3E3750987149.doc=
MD5:
6060abe0a697619d68fb3e3750987149
SHA1:
2b4614403e37c20081760915fa280c9043ca3d2f
SHA256:
27673a2ba0ea206e7ee6fa5f17fb42064dd8590adecafb4783c3c0fb3e6f832b
SSDeep:
768:j5b7M1Po8CQcOG1708dDJKxvYU5FEL7RBrU:j5b7OCQcOGtVdVEp7E8

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2006-2389 DOC 2010-02-18 6708F50667538FA66739B2C02659F109 thank you - New Year.doc=
MD5:
6708f50667538fa66739b2c02659f109
SHA1:
b15ad04543081c7d95f243c4a1f14ee95832bfbc
SHA256:
ad64ed35e2d5d7d9f3395230340d71c1325f0479bf5ad3d014b0dd222946beee
SSDeep:
12288:y7/SbjwaRACWkeDU1ugAOu4pCDi9kJ4aRSZQ5qJIf2fV8rW5YJVSaDTz6akXakO:y6fJ5WFVg9RsiaRd9+fV2W5SRDSak

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2009-0658 PDF 2010-02-15 6ADE3CCF2A871C4F3B305C6322FD165E DIY Tips.pdf.pdf=
MD5:
6ade3ccf2a871c4f3b305c6322fd165e
SHA1:
9daa3159363dedd91d56484fd254f2d9054ae2d0
SHA256:
726bdc5c8ba8d98b685bd282801fcc608646363d2c9e2c6a5180922945c0b796
SSDeep:
6144:liA6YBcO2ybKtbwHMw29gahLmC6mCfm+rjU6dSmCmmCRmBm:MA6/NhYMw29gaTwgdc

PDF document, version 1.6

Virus Report
PDF Exploit call to JBIG2Decode
genexploit - PDF Exploit call to JBIG2Decode

File:
CVE-2009-0658 PDF 2009-10-02 EE46CCB2B7FCBEF2E508B207EEA69A03 GIF STATEMENT Internet freedom in China.pdf=
MD5:
ee46ccb2b7fcbef2e508b207eea69a03
SHA1:
da35a2221140b2edc51e908823d289fb81bf4d2a
SHA256:
0c00005e4efb8bf75923ddc9eeec838f5936b8303d43b6e38f24ffa53818b17f
SSDeep:
1536:R0UcAfDbhnNkiUqFmZb7+ciCMGhgw1Xo6a220UcAfDGyhnNi:lrbhnWiPIb7CCXZ4ewr7hn0

PDF document, version 1.6

Virus Report
PDF Exploit call to JBIG2Decode
genexploit - PDF Exploit call to JBIG2Decode

File:
CVE-2006-6456 DOC 2010-03-17 3348FDD8730B34278E83F5FE9A6A972D Do you remember.doc=
MD5:
3348fdd8730b34278e83f5fe9a6a972d
SHA1:
70485a959c7e9b5b9bbb6f540ec3a675b0c31e54
SHA256:
08fb57910b2e5f3cbfda024ca277026cb5210d5116af7f713fe1385e1f43cabb
SSDeep:
768:GZYgH5BWIU3PcqQWKuUECx/+iKIQuVM3niZx4y0ny77akA0KiJ0w9Terj6:KHqOxJQuVe+MnyTJ0yqH6

Microsoft Office Document

Virus Report
Embedded Executable GetGetModuleFileNameA

File:
CVE-0000-000_DOC_2010-07-08_A09C1CB2C2C79B3E09E5AF09E8C30B2B_ATT11935.doc=
MD5:
a09c1cb2c2c79b3e09e5af09e8c30b2b
SHA1:
257d777b56c4abc40a037a7d0afbaf2f36295985
SHA256:
b993ea184812c414ec64a7029274d029aee5794a07cb498634343ce888497f6c
SSDeep:
1536:fuHTlNd1yUufzRej0SyZg58sT4i462LIjeaWA2X5jCrx2pBKawVjIfrorSNyFPjL:WHX2NZSy5qCcI2x2pwawJSQrxDrF8rq

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2009-0927 + CVE-2007-5659 PDF 2009-12-02 B89FA058250AB69B2D15DBCC4332D320 Remarks of Barack Obama.pdf=
MD5:
b89fa058250ab69b2d15dbcc4332d320
SHA1:
5506c024feedd17a5e10f37c1b0144b5d3081413
SHA256:
d83237a5196a6f98f9c58868324ab13c19919e94f9ab9f83d1756d5c86622f58
SSDeep:
768:ZVsDIcaLjJgtPoSfiDfWR5tPjcu2bwANqkix4cHVsg:TKaLlgtPZfiD4G7bw4pWt

PDF document, version 1.3

Virus Report
Javascript obfuscation using String.fromCharCode
pdfexploit - Javascript obfuscation using String.fromCharCode

File:
CVE-2006-2389_DOC_2010-07-21_73FADB8F36E4F34A6D4719DC4CCBE666_shpion_sobytie.doc=
MD5:
73fadb8f36e4f34a6d4719dc4ccbe666
SHA1:
32dadb2c0d7a33c33a385fada39ffe2fd74dd495
SHA256:
8c3f47aea8a06582bbf9eb8d04365323bd45db16a0e6a7adf9425d26c68984d9
SSDeep:
12288:6jx1L1lRgEReIDyRl/yS0zAsCJX505Uis/dEatV:2PJl2ryS0kB8Uis/dnV

Microsoft Office Document

Virus Report
Embedded Executable cipher 001 ExitProcess
shellcode

File:
CVE-2007-5659 PDF 2008-04-02 683B003E9ECFD3834A318FAD65D39E34-08spring_Redacted.pdf=
MD5:
683b003e9ecfd3834a318fad65d39e34
SHA1:
ada4d3068f6cad890535bb1245aafbf8df0ad6f6
SHA256:
1a5297093451105796e815b2ac5afce7076b7f458cfeb6d6404d8062e66c2abc
SSDeep:
6144:PJi+sISSnNHplMOg0eH+kYKq8RQCmjbhCe1wEwoN5AuitqR:PtlHNHpxetYbopatZ1wbuR

PDF document, version 1.4

Virus Report
PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659
pdfexploit - PDF Exploit call to Collab.collectEmailInfo CVE-2007-5659

File:
CVE-2006-6456 DOC 2010-02-22 9EF09819AA5D552ECB15067A14A33152-TAIWAN 2010.doc=
MD5:
9ef09819aa5d552ecb15067a14a33152
SHA1:
ecdf999cba48c5655c8120a4bf3237fee7570d9a
SHA256:
0f57baeb3070bf7a806f004ab61243aaf1b16f328e0c5f96d0c9128294d95b2c
SSDeep:
3072:MwXwwwu5wdfGqy8DWrRW6XDnySicoMwgtR7I4Vx:yoiZgtR8w

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2008-0081 XLS 2010-03-24 7D5B0B8274E189D406CC3374F994E441 2010.xls=
MD5:
7d5b0b8274e189d406cc3374f994e441
SHA1:
d17737950a9998011589f9a19dd9a009135307df
SHA256:
829b04fe2362b07185694f08d25e91372d95afc9540df9247b58157a46da4c02
SSDeep:
3072:H7VS9i0WmMPRAeUDGCKmF+slgTcC6TptShrZ6P:bVSs0WeDt7tShF

Microsoft Office Document

Virus Report
Embedded Executable
shellcode

File:
CVE-2008-3005 XLS 2009-12-29 0E4E3C2D84A9BC726A50B3C91346FBB1 1229+bin_files.xls=
MD5:
0e4e3c2d84a9bc726a50b3c91346fbb1
SHA1:
52eb16966670b76f8728fda28c48bc6c49f20e07
SHA256:
afe6b95ad95bc689c356f34ec8d9094c495e4af57c932ac413b65ef132063acc
SSDeep:
1536:zeeeqopd5TCMWNo/QXo3VjgvRjha2wnLW8W:odpCMW6QIFAf8W

Microsoft Office Document

Virus Report
Embedded Executable
shellcode
