Filename: filepdf.php@v=zday | MD5: 0398e68507882a38a26a341058c94653

Link to here

Document information

Original filename: filepdf.php@v=zday

Size: 13156 bytes

Submitted: 2010-11-08 13:23:13

md5: 0398e68507882a38a26a341058c94653

sha1: 474cf887f3a32d6c49753fda280a09cb2bf36334

sha256: a290492fa70dee6ccce765ce90ce8ae7abd925a0d43014dd2f1c2458391aadf9

ssdeep: 192:TCRJAlBuvBr0Kfkay5WtmwnN//1kk/tmwacTnB8l1kp:TCmBuvBrrMay5ANGkXaIn5

content/type: PDF document, version 1.6

Analysis: Malware [101] Beta OpenIOC

16.0 @ 866: suspicious.obfuscation using unescape

16.0 @ 866: pdf.exploit printSeps memory heap corruption CVE-2010-4091

16.0 @ 866: suspicious.warning: object contains JavaScript

16.0 @ 866: suspicious.string Shellcode NOP sled

16.0 @ 866: suspicious.obfuscation using substring

29.0 @ 11440: suspicious.warning: object contains JavaScript

29.0 @ 11440: suspicious.obfuscation using substring

29.0 @ 11440: suspicious.obfuscation using unescape

29.0 @ 11440: pdf.exploit printSeps memory heap corruption CVE-2010-4091