Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: Golf Clinic.pdf
File size: 763188 bytes
File type: PDF document, version 1.4
MD5: 9c5cd8f4a5988acae6c2e2dce563446a
SHA1: 18272cf888d8779d466901864537b732f842c351
SHA256: d55aa45223606db795d29ab9e341c1c703e5a2e26bd98402779f52b6c2e9da2b
SSDEEP: 12288:KSgEI13mS1AjMSgEI13mS1Ajgm9hJrRiI9q:2BhBE9hKIA
Reported: 2010-09-07 05:21:32
Detection engine: 201
Result: PDF Exploit font SING table CVE-2010-2883
Confidence: 100
Scan hits: 6

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: Yes
Replacement cipher: No
Mathematical substitution cipher: No

Search type: pdfexploit
Matching: full
ROL shift: 3
Key Length: 4 bytes
Key Unique Sum: 562
Key Location: @496968 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 84e03f3290e4055a44e63684eae508ea
XOR Key:


Detected entities:

PDF Exploit font SING table CVE-2010-2883 [ FlateDecode ]

Javascript obfuscation using String.replace [ Octal | Octal ]
Javascript obfuscation using unescape [ Octal | Octal ]
Javascript obfuscation using unescape [ Octal | Octal ]
unicode NOP block [ Octal | Octal | Escaped | Unicode ]
Embedded Executable cipher 001 This program cannot be run in DOS mode: [497018]

Repository          Status                                       More Info

vicheck.ca          PDF Exploit font SING table CVE-2010-2883    Confidence: 100; Scan hits: 6
VirusTotal.com      New/Nothing Found                            none
ThreatExpert.com    New/Nothing Found                            none
Team-CYMRU.org      New/Nothing Found                            none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: pdfexploit - PDF Exploit font SING table CVE-2010-2883 found @236.

Extracted 9916 bytes of Javascript code or XFA block.

JavaScript available on request.

Sandbox report:

Remember to check statically extracted executables at the bottom of this report as the dynamic sandbox analysis may not have successfully run the exploit and the statically extracted files will have more information.

Dropped File        Size

none


Registry Item Created

none


Mutex Created

none


Domains or IPs

none


Outgoing Connections        Port        Method

none


Method        Downloaded URL

none


PCAP Tcpdump:

PCAP Raw DNS Queries

none


