Malware Hash Query

This utility queries our own database, VirusTotal.com, ThreatExpert.com, and Team-CYMRU for known malware hashes and links to analysis reports.

File: 100621.pdf
File size: 969411 bytes
File type: PDF document, version 1.7
MD5: e3f5ef4fa17b4e08388ae4b0e2373728
SHA1: c201fc4252c97aabad9e13e8c4e064708cce150f
SHA256: 5e77d181d45156a17423a7a9d8be59635c3425003a35957f3ccf973bf4a1240b
SSDEEP: 12288:ajvrEOfzscDUseU1CWCD/LdDB1LbWDFhg1hfqXT0IakRo6AX0WP1HZ81DKvm9PeY:ajDdfwc3eVD1/MDICgEAEWhLm92nvm
Reported: 2010-06-22 06:32:06
Detection engine: 195
Result: Embedded Flash Exploit CVE-2010-1297 variant e
Confidence: 100
Scan hits: 18

Embedded Executable:

XOR encryption: Yes
Bitwise ROL cipher: No
Replacement cipher: No
Mathematical substitution cipher: No

Search type: block
Matching: full
Key Length: 1 bytes
Key Unique Sum: 133
Key Location: @0 bytes
Key Accuracy: 100.00%
Fuzzy Errors: 0
File XOR Offset: @0 bytes
XOR Key normalized hash: 3ef815416f775098fe977004015c6193
XOR Key:


Detected entities:

Embedded Flash Exploit CVE-2010-1297 variant e

PDF Javascript heap spray shellcode [ FlateDecode ]
Embedded Flash may be suspicious
Embedded Flash may be suspicious [ FlateDecode ]
PDF obfuscation of filter names
Embedded Executable: This program cannot be run in DOS mode [39246]
Embedded Executable: user32.dll [64936]
Embedded Executable: CreateProcessA [65368]
Embedded Executable: GetEnvironmentVariableA [65406]
Embedded Executable: CloseHandle [65454]
Embedded Executable: GetProcAddress [65514]
Embedded Executable: GetModuleHandleA [65532]
Embedded Executable: KERNEL32 [65558]
Embedded Executable: GetCommandLineA [65602]
Embedded Executable: ExitProcess [65634]
Embedded Executable: LoadLibraryA [66054]
Embedded Executable: CreateFileA [203275]
Embedded Executable: RegOpenKeyExA [203433]

Repository | Status | More Info

vicheck.ca

Embedded Flash Exploit CVE-2010-1297 variant e
Confidence: 100
Scan hits: 18

VirusTotal.com

New/Nothing Found

none

ThreatExpert.com

New/Nothing Found

none

Team-CYMRU.org

New/Nothing Found

none


Shellcode Scan:

Shellcode not found.


Exploit Scan:

Exploit: block - Embedded Flash Exploit CVE-2010-1297 variant e found @0.

Extracted 4747 bytes of Javascript code or XFA block.

JavaScript available on request.

Sandbox report:

Remember to check the statically extracted executables at the bottom of this report: the dynamic sandbox analysis may not have successfully run the exploit, and the statically extracted files will have more information.

Dropped File | Size

none


Registry Item Created

none


Mutex Created

none


Domains or IPs

none


Outgoing Connections | Port | Method

none


Method | Downloaded URL

none


PCAP Tcpdump:

PCAP Raw DNS Queries

none


