-Adobe util.printf overflow CVE-2008-2992
-Adobe getIcon CVE-2009-0927
http://silzefos.cn/s/in.cgi?10
->http://bikpakoc.cn/nuc/index.php
->http://bikpakoc.cn/nuc/exe.php Virustotal result
->http://bikpakoc.cn/nuc/spl/pdf.pdf
Credit to Didier Stevens for creating such a good tool for analysing malicious PDF files. His pdf-parser.py can be downloaded from http://blog.didierstevens.com/programs/pdf-tools/
Figure 1: Search for JavaScript

Figure 2: JavaScript identified within an object

Figure 3: Detect the decoder

Figure 4: Decode using FlateDecode

Figure 5: Copy the JavaScript and paste it into Malzilla Decoder

Figure 6: util.printf function was detected

Figure 7: getIcon function was detected
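
The steps in Figures 1 to 4 and 6 to 7 can be scripted for triage. The Python below is an added example, not part of the original post and not Didier Stevens' pdf-parser.py; the function names and the embedded sample PDF are constructed for illustration.

```python
import re
import zlib

# Call names for the two CVEs this page lists; a hit is a triage signal only.
SUSPICIOUS = {
    rb"util\.printf\s*\(": "CVE-2008-2992",
    rb"getIcon\s*\(": "CVE-2009-0927",
}
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
HEX_NAME_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalise_names(dictionary):
    """Undo #xx escapes so /Fl#61teDecode reads as /FlateDecode."""
    return HEX_NAME_RE.sub(lambda m: bytes([int(m.group(1), 16)]), dictionary)

def decode_stream(dictionary, data):
    """Inflate the stream if its dictionary declares FlateDecode."""
    if b"/FlateDecode" not in normalise_names(dictionary):
        return data
    try:
        # decompressobj ignores the end-of-line bytes left before 'endstream'
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return data

def scan_pdf(raw):
    """Return sorted (object number, CVE) pairs for suspicious calls found."""
    hits = set()
    for obj in OBJ_RE.finditer(raw):
        stream = STREAM_RE.search(obj.group(2))
        if not stream:
            continue
        dictionary = obj.group(2)[:stream.start()]
        text = decode_stream(dictionary, stream.group(1))
        for pattern, cve in SUSPICIOUS.items():
            if re.search(pattern, text):
                hits.add((int(obj.group(1)), cve))
    return sorted(hits)

# Constructed sample: harmless script text, not taken from the analysed file.
JS = b'util.printf("%d", 1); var icon = Collab.getIcon("a");'
_Z = zlib.compress(JS)
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /Filter /Fl#61teDecode /Length " + str(len(_Z)).encode()
          + b" >>\nstream\n" + _Z + b"\nendstream\nendobj\n")
```

A hit only means the call name appears in a decoded stream. A script with a further obfuscation layer, like the one decoded with Malzilla above, has to be deobfuscated before these patterns will match.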
